658b22f3ce994ed65e4f632623072ae9fdacdabb0983d9b7a6a3c9d5834051c3

Analysis

max time kernel
16s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bcfdc70f9303d442ddfc552312cd070N.exe
Size

1.1MB
MD5

3bcfdc70f9303d442ddfc552312cd070
SHA1

0b3a1f63f06047a9140db948f8d0090096f5c700
SHA256

658b22f3ce994ed65e4f632623072ae9fdacdabb0983d9b7a6a3c9d5834051c3
SHA512

08c2586307facf761915dd8b3dd673692dee66b952e04d0b9a2694cc94817067af7ee966ae57e4d1355f3bfac2c66fec2d815e261b424d44d811f1dbbfb706ee
SSDEEP

24576:7rNz/a/L2kPIiNkeuuqaYBBLi7PpwmOQQbZETDQTm+EA7vrer:/5/CL2hauuq3HcJHnTDQ97s

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2596-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000016d89-5.dat	upx
behavioral1/memory/2660-16-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3064-48-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3024-49-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1744-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/816-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1712-75-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2596-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2932-77-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2660-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3064-90-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/816-96-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1316-97-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1744-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3024-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2812-93-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1904-92-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2800-91-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1712-101-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1960-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2932-102-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1764-106-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1904-105-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2800-104-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2812-107-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1316-114-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2168-113-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2352-110-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1960-117-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/292-118-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1692-115-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3024-119-0x00000000044B0000-0x00000000044CF000-memory.dmp	upx
behavioral1/memory/852-121-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1764-120-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2168-128-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1456-131-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1692-129-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1420-123-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1212-122-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1900-133-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1748-134-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1616-135-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1504-132-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2352-125-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/796-137-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/852-139-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2024-138-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1420-140-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1604-145-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1504-144-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2640-149-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1292-148-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1456-147-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1748-153-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1480-152-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2620-150-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2916-157-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2920-155-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2788-154-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2500-158-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/796-159-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/440-162-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1116-161-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3bcfdc70f9303d442ddfc552312cd070N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\J:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\S:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\T:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\U:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\V:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\E:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\G:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\O:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\P:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\Y:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\I:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\K:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\W:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\A:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\R:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\M:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\N:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\Q:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\X:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\Z:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\B:	3bcfdc70f9303d442ddfc552312cd070N.exe
File opened (read-only)	\??\L:	3bcfdc70f9303d442ddfc552312cd070N.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob big leather .rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian gang bang sperm masturbation (Melissa).mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fucking public feet .mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian cum blowjob lesbian (Liz).mpeg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lingerie girls feet upskirt (Sylvia).rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black cumshot fucking masturbation feet 50+ (Liz).mpeg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian cumshot lingerie [free] YEâPSè& (Jenna,Tatjana).avi.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files\Windows Journal\Templates\swedish cumshot lesbian big penetration .avi.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\swedish porn trambling full movie glans shower .mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american handjob xxx licking hole 50+ .zip.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie lesbian glans leather (Janette).avi.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files\DVD Maker\Shared\horse blowjob lesbian swallow (Jenna,Liz).rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Google\Temp\fucking masturbation 50+ .mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Google\Update\Download\bukkake several models blondie (Gina,Tatjana).rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\japanese cumshot xxx sleeping cock blondie (Tatjana).rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\horse hidden titts beautyfull .zip.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\japanese beastiality bukkake licking cock (Sandy,Samantha).rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\blowjob big .rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling hot (!) traffic .zip.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\xxx full movie hole stockings (Karin).avi.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake big glans femdom .mpeg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\american porn bukkake public swallow .mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese animal beast catfight high heels .mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\security\templates\black beastiality trambling sleeping 50+ .rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\lesbian big .rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\mssrv.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian kicking beast [free] mature (Anniston,Janette).rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\trambling full movie upskirt .zip.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\fucking catfight .zip.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish cum trambling [free] swallow .mpeg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\indian cum trambling hidden cock stockings (Melissa).mpeg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\Downloaded Program Files\sperm [milf] swallow .mpeg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake full movie (Curtney).mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian public mistress .mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\blowjob lesbian girly (Sonja,Melissa).mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling licking .rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian horse xxx voyeur upskirt .mpeg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\tyrkish animal xxx public castration .rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\tyrkish kicking fucking public shoes .zip.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\russian nude bukkake [milf] feet .rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\beast hot (!) .mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\temp\trambling sleeping cock swallow .rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian action xxx big shoes .mpeg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\tmp\swedish cum sperm [milf] hole .avi.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish beastiality lesbian voyeur feet ejaculation (Sylvia).mpeg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish animal hardcore lesbian hairy (Ashley,Sylvia).mpg.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\PLA\Templates\danish cum lingerie licking bedroom .zip.exe	3bcfdc70f9303d442ddfc552312cd070N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish cumshot xxx [free] feet (Sonja,Liz).rar.exe	3bcfdc70f9303d442ddfc552312cd070N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2596	3bcfdc70f9303d442ddfc552312cd070N.exe
2660	3bcfdc70f9303d442ddfc552312cd070N.exe
2596	3bcfdc70f9303d442ddfc552312cd070N.exe
3064	3bcfdc70f9303d442ddfc552312cd070N.exe
3024	3bcfdc70f9303d442ddfc552312cd070N.exe
2596	3bcfdc70f9303d442ddfc552312cd070N.exe
2660	3bcfdc70f9303d442ddfc552312cd070N.exe
816	3bcfdc70f9303d442ddfc552312cd070N.exe
3064	3bcfdc70f9303d442ddfc552312cd070N.exe
2596	3bcfdc70f9303d442ddfc552312cd070N.exe
1744	3bcfdc70f9303d442ddfc552312cd070N.exe
2932	3bcfdc70f9303d442ddfc552312cd070N.exe
1712	3bcfdc70f9303d442ddfc552312cd070N.exe
2660	3bcfdc70f9303d442ddfc552312cd070N.exe
3024	3bcfdc70f9303d442ddfc552312cd070N.exe
2812	3bcfdc70f9303d442ddfc552312cd070N.exe
1904	3bcfdc70f9303d442ddfc552312cd070N.exe
816	3bcfdc70f9303d442ddfc552312cd070N.exe
3064	3bcfdc70f9303d442ddfc552312cd070N.exe
2800	3bcfdc70f9303d442ddfc552312cd070N.exe
2596	3bcfdc70f9303d442ddfc552312cd070N.exe
292	3bcfdc70f9303d442ddfc552312cd070N.exe
1744	3bcfdc70f9303d442ddfc552312cd070N.exe
1316	3bcfdc70f9303d442ddfc552312cd070N.exe
2660	3bcfdc70f9303d442ddfc552312cd070N.exe
3024	3bcfdc70f9303d442ddfc552312cd070N.exe
1960	3bcfdc70f9303d442ddfc552312cd070N.exe
1764	3bcfdc70f9303d442ddfc552312cd070N.exe
2932	3bcfdc70f9303d442ddfc552312cd070N.exe
1212	3bcfdc70f9303d442ddfc552312cd070N.exe
1712	3bcfdc70f9303d442ddfc552312cd070N.exe
2352	3bcfdc70f9303d442ddfc552312cd070N.exe
2168	3bcfdc70f9303d442ddfc552312cd070N.exe
816	3bcfdc70f9303d442ddfc552312cd070N.exe
3064	3bcfdc70f9303d442ddfc552312cd070N.exe
2812	3bcfdc70f9303d442ddfc552312cd070N.exe
2596	3bcfdc70f9303d442ddfc552312cd070N.exe
1904	3bcfdc70f9303d442ddfc552312cd070N.exe
1616	3bcfdc70f9303d442ddfc552312cd070N.exe
1692	3bcfdc70f9303d442ddfc552312cd070N.exe
1900	3bcfdc70f9303d442ddfc552312cd070N.exe
852	3bcfdc70f9303d442ddfc552312cd070N.exe
2800	3bcfdc70f9303d442ddfc552312cd070N.exe
1420	3bcfdc70f9303d442ddfc552312cd070N.exe
2932	3bcfdc70f9303d442ddfc552312cd070N.exe
1764	3bcfdc70f9303d442ddfc552312cd070N.exe
1764	3bcfdc70f9303d442ddfc552312cd070N.exe
1744	3bcfdc70f9303d442ddfc552312cd070N.exe
1744	3bcfdc70f9303d442ddfc552312cd070N.exe
2660	3bcfdc70f9303d442ddfc552312cd070N.exe
1712	3bcfdc70f9303d442ddfc552312cd070N.exe
1456	3bcfdc70f9303d442ddfc552312cd070N.exe
1504	3bcfdc70f9303d442ddfc552312cd070N.exe
1504	3bcfdc70f9303d442ddfc552312cd070N.exe
1748	3bcfdc70f9303d442ddfc552312cd070N.exe
1748	3bcfdc70f9303d442ddfc552312cd070N.exe
1292	3bcfdc70f9303d442ddfc552312cd070N.exe
1292	3bcfdc70f9303d442ddfc552312cd070N.exe
1480	3bcfdc70f9303d442ddfc552312cd070N.exe
1480	3bcfdc70f9303d442ddfc552312cd070N.exe
796	3bcfdc70f9303d442ddfc552312cd070N.exe
796	3bcfdc70f9303d442ddfc552312cd070N.exe
2024	3bcfdc70f9303d442ddfc552312cd070N.exe
2024	3bcfdc70f9303d442ddfc552312cd070N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2660	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	30
PID 2596 wrote to memory of 2660	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	30
PID 2596 wrote to memory of 2660	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	30
PID 2596 wrote to memory of 2660	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	30
PID 2660 wrote to memory of 3064	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	31
PID 2660 wrote to memory of 3064	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	31
PID 2660 wrote to memory of 3064	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	31
PID 2660 wrote to memory of 3064	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	31
PID 2596 wrote to memory of 3024	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	32
PID 2596 wrote to memory of 3024	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	32
PID 2596 wrote to memory of 3024	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	32
PID 2596 wrote to memory of 3024	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	32
PID 3064 wrote to memory of 816	3064	3bcfdc70f9303d442ddfc552312cd070N.exe	33
PID 3064 wrote to memory of 816	3064	3bcfdc70f9303d442ddfc552312cd070N.exe	33
PID 3064 wrote to memory of 816	3064	3bcfdc70f9303d442ddfc552312cd070N.exe	33
PID 3064 wrote to memory of 816	3064	3bcfdc70f9303d442ddfc552312cd070N.exe	33
PID 2596 wrote to memory of 1744	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	34
PID 2596 wrote to memory of 1744	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	34
PID 2596 wrote to memory of 1744	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	34
PID 2596 wrote to memory of 1744	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	34
PID 2660 wrote to memory of 2932	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	35
PID 2660 wrote to memory of 2932	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	35
PID 2660 wrote to memory of 2932	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	35
PID 2660 wrote to memory of 2932	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	35
PID 3024 wrote to memory of 1712	3024	3bcfdc70f9303d442ddfc552312cd070N.exe	36
PID 3024 wrote to memory of 1712	3024	3bcfdc70f9303d442ddfc552312cd070N.exe	36
PID 3024 wrote to memory of 1712	3024	3bcfdc70f9303d442ddfc552312cd070N.exe	36
PID 3024 wrote to memory of 1712	3024	3bcfdc70f9303d442ddfc552312cd070N.exe	36
PID 816 wrote to memory of 2812	816	3bcfdc70f9303d442ddfc552312cd070N.exe	37
PID 816 wrote to memory of 2812	816	3bcfdc70f9303d442ddfc552312cd070N.exe	37
PID 816 wrote to memory of 2812	816	3bcfdc70f9303d442ddfc552312cd070N.exe	37
PID 816 wrote to memory of 2812	816	3bcfdc70f9303d442ddfc552312cd070N.exe	37
PID 3064 wrote to memory of 2800	3064	3bcfdc70f9303d442ddfc552312cd070N.exe	38
PID 3064 wrote to memory of 2800	3064	3bcfdc70f9303d442ddfc552312cd070N.exe	38
PID 3064 wrote to memory of 2800	3064	3bcfdc70f9303d442ddfc552312cd070N.exe	38
PID 3064 wrote to memory of 2800	3064	3bcfdc70f9303d442ddfc552312cd070N.exe	38
PID 2596 wrote to memory of 1904	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	39
PID 2596 wrote to memory of 1904	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	39
PID 2596 wrote to memory of 1904	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	39
PID 2596 wrote to memory of 1904	2596	3bcfdc70f9303d442ddfc552312cd070N.exe	39
PID 2660 wrote to memory of 1316	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	40
PID 2660 wrote to memory of 1316	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	40
PID 2660 wrote to memory of 1316	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	40
PID 2660 wrote to memory of 1316	2660	3bcfdc70f9303d442ddfc552312cd070N.exe	40
PID 3024 wrote to memory of 292	3024	3bcfdc70f9303d442ddfc552312cd070N.exe	41
PID 3024 wrote to memory of 292	3024	3bcfdc70f9303d442ddfc552312cd070N.exe	41
PID 3024 wrote to memory of 292	3024	3bcfdc70f9303d442ddfc552312cd070N.exe	41
PID 3024 wrote to memory of 292	3024	3bcfdc70f9303d442ddfc552312cd070N.exe	41
PID 1744 wrote to memory of 1960	1744	3bcfdc70f9303d442ddfc552312cd070N.exe	42
PID 1744 wrote to memory of 1960	1744	3bcfdc70f9303d442ddfc552312cd070N.exe	42
PID 1744 wrote to memory of 1960	1744	3bcfdc70f9303d442ddfc552312cd070N.exe	42
PID 1744 wrote to memory of 1960	1744	3bcfdc70f9303d442ddfc552312cd070N.exe	42
PID 2932 wrote to memory of 1764	2932	3bcfdc70f9303d442ddfc552312cd070N.exe	43
PID 2932 wrote to memory of 1764	2932	3bcfdc70f9303d442ddfc552312cd070N.exe	43
PID 2932 wrote to memory of 1764	2932	3bcfdc70f9303d442ddfc552312cd070N.exe	43
PID 2932 wrote to memory of 1764	2932	3bcfdc70f9303d442ddfc552312cd070N.exe	43
PID 1712 wrote to memory of 1212	1712	3bcfdc70f9303d442ddfc552312cd070N.exe	44
PID 1712 wrote to memory of 1212	1712	3bcfdc70f9303d442ddfc552312cd070N.exe	44
PID 1712 wrote to memory of 1212	1712	3bcfdc70f9303d442ddfc552312cd070N.exe	44
PID 1712 wrote to memory of 1212	1712	3bcfdc70f9303d442ddfc552312cd070N.exe	44
PID 816 wrote to memory of 2352	816	3bcfdc70f9303d442ddfc552312cd070N.exe	45
PID 816 wrote to memory of 2352	816	3bcfdc70f9303d442ddfc552312cd070N.exe	45
PID 816 wrote to memory of 2352	816	3bcfdc70f9303d442ddfc552312cd070N.exe	45
PID 816 wrote to memory of 2352	816	3bcfdc70f9303d442ddfc552312cd070N.exe	45

C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
"C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        9⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        9⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:13888
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:15028
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:2608
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:12724
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:9368
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:13912
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:5204
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:9020
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:1792
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        7⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:11276
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8432
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:292
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:12664
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:12404
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8532
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:15036
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:13268
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:6696
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:9056
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:1976
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:13316
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:12904
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:15044
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:13860
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:5212
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:8992
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:12820
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        6⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:6540
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:3460
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:12452
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:5000
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:7524
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:12716
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
        5⤵
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:12648
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:4476
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:7408
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:12460
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
      "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
      4⤵
      PID:13300
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:5272
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:9112
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:1752
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  PID:3340
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:5844
- - C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
    3⤵
    PID:10788
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  PID:4624
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  PID:6608
- C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe
  "C:\Users\Admin\AppData\Local\Temp\3bcfdc70f9303d442ddfc552312cd070N.exe"
  2⤵
  PID:9396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian cum blowjob lesbian (Liz).mpeg.exe

Filesize
1.5MB

MD5
d62e3749dd20fc71deee530c776cb777

SHA1
29b790ae3d9b0c164d65f55ecf0a7a2bc505044f

SHA256
f9b5a96e6f0d43bc0a720a13487713802d5abe49d92a44faee098ee10e15befa

SHA512
0be7c57bc73073e1f32d273f24bcc7b19daba6f9c960ea82b93e24aba182db072dcb320d6ac91b649dc803400ce1c1a99c0e73d546c1cf127cf66e9c53730b24

Download Submit
memory/292-118-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/440-162-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/796-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/796-159-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/816-124-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/816-96-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/816-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/816-109-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/852-139-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/852-121-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1116-161-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1212-122-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1212-143-0x0000000004900000-0x000000000491F000-memory.dmp

Filesize
124KB

Download
memory/1292-148-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1316-114-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1316-97-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1420-140-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1420-123-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1456-147-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1456-131-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1480-152-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1504-144-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1504-132-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1604-145-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1604-176-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1616-135-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1692-115-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1692-129-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1712-75-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1712-101-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1744-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1744-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1744-173-0x0000000004930000-0x000000000494F000-memory.dmp

Filesize
124KB

Download
memory/1748-153-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1748-134-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1764-106-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1764-120-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1764-174-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/1900-133-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1904-92-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1904-116-0x00000000044E0000-0x00000000044FF000-memory.dmp

Filesize
124KB

Download
memory/1904-105-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1904-130-0x00000000044E0000-0x00000000044FF000-memory.dmp

Filesize
124KB

Download
memory/1932-184-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1960-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1960-117-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2024-138-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2024-160-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2136-180-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2168-113-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2168-128-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2352-177-0x00000000047D0000-0x00000000047EF000-memory.dmp

Filesize
124KB

Download
memory/2352-110-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2352-125-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2500-158-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2596-15-0x0000000004CA0000-0x0000000004CBF000-memory.dmp

Filesize
124KB

Download
memory/2596-98-0x0000000004CB0000-0x0000000004CCF000-memory.dmp

Filesize
124KB

Download
memory/2596-182-0x0000000004CC0000-0x0000000004CDF000-memory.dmp

Filesize
124KB

Download
memory/2596-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2596-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2596-72-0x0000000004CB0000-0x0000000004CCF000-memory.dmp

Filesize
124KB

Download
memory/2596-76-0x0000000004CA0000-0x0000000004CBF000-memory.dmp

Filesize
124KB

Download
memory/2596-156-0x0000000004CC0000-0x0000000004CDF000-memory.dmp

Filesize
124KB

Download
memory/2620-150-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2620-179-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2640-149-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2640-178-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-47-0x0000000002140000-0x000000000215F000-memory.dmp

Filesize
124KB

Download
memory/2660-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-16-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2788-154-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2800-104-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2800-136-0x0000000001E80000-0x0000000001E9F000-memory.dmp

Filesize
124KB

Download
memory/2800-175-0x0000000001EA0000-0x0000000001EBF000-memory.dmp

Filesize
124KB

Download
memory/2800-91-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2812-127-0x00000000047B0000-0x00000000047CF000-memory.dmp

Filesize
124KB

Download
memory/2812-112-0x00000000047B0000-0x00000000047CF000-memory.dmp

Filesize
124KB

Download
memory/2812-107-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2812-93-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2916-157-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2916-183-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2920-181-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2920-155-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2932-102-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2932-103-0x0000000000820000-0x000000000083F000-memory.dmp

Filesize
124KB

Download
memory/2932-77-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3004-172-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3024-49-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3024-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3024-119-0x00000000044B0000-0x00000000044CF000-memory.dmp

Filesize
124KB

Download
memory/3064-70-0x0000000004570000-0x000000000458F000-memory.dmp

Filesize
124KB

Download
memory/3064-48-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3064-126-0x0000000004A60000-0x0000000004A7F000-memory.dmp

Filesize
124KB

Download
memory/3064-95-0x0000000004570000-0x000000000458F000-memory.dmp

Filesize
124KB

Download
memory/3064-90-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3064-111-0x0000000004A60000-0x0000000004A7F000-memory.dmp

Filesize
124KB

Download