1ad4ad80989766a3ceb74049c2ad9a923dbee9f09f2b87a10c6cc087e045ef23

Analysis

max time kernel
118s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69096228777184aa9efce40475cf8f00N.exe
Size

731KB
MD5

69096228777184aa9efce40475cf8f00
SHA1

044af74c464e49447bc47630eb0b5e45416ff5ad
SHA256

1ad4ad80989766a3ceb74049c2ad9a923dbee9f09f2b87a10c6cc087e045ef23
SHA512

517cf5871b4913aee7032b7eafb1b83d5ca44109fbd23c7964699e7c04d992d73cf3c6be8c230fe4f9d0bcdeb6cfe16e0ab584fa95eac77a34964c2991ca7594
SSDEEP

12288:NPKL+0EoCfb+s2XilZhUdUfzKLE+dTbyvZKa6WvWFUQAuXznu8sMzN2TVHU7ISNO:NSLlEoCfeefULLHVyRKGWeLuTaI2T1Uy

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	69096228777184aa9efce40475cf8f00N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1548-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x00070000000234d6-5.dat	upx
behavioral2/memory/4476-104-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4724-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4876-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2060-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1704-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1536-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2380-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4884-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1876-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4864-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1548-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2908-245-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2216-246-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2636-248-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4476-247-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4724-249-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/404-254-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4960-253-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/116-252-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4876-251-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1704-259-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1876-260-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4864-261-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1536-258-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1892-257-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2084-256-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2060-255-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5056-262-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4884-263-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1800-264-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3984-267-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2216-266-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2888-270-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2164-269-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2636-268-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2908-265-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1540-271-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/404-273-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4960-272-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1892-277-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2196-284-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3464-283-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4412-282-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2684-281-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2280-280-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2640-279-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3600-278-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2172-293-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5024-292-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1840-291-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2828-290-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1168-289-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/860-288-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2760-287-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2584-286-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4404-285-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5712-298-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5744-302-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5760-304-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5720-303-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1800-299-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5736-301-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	69096228777184aa9efce40475cf8f00N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\Z:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\B:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\L:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\Q:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\R:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\E:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\J:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\O:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\N:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\P:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\T:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\W:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\X:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\A:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\I:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\M:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\S:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\V:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\Y:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\G:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\H:	69096228777184aa9efce40475cf8f00N.exe
File opened (read-only)	\??\K:	69096228777184aa9efce40475cf8f00N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob fucking big black hairunshaved .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\asian animal blowjob licking .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french handjob girls bedroom (Britney,Britney).zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\System32\DriverStore\Temp\danish animal lesbian .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SysWOW64\FxsTmp\black handjob hidden mature .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\horse action full movie .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\trambling horse hot (!) (Sonja).mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american kicking full movie .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\british horse action licking .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian horse [free] ash balls .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese trambling animal big boobs .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake hardcore full movie mistress .mpg.exe	69096228777184aa9efce40475cf8f00N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\african bukkake public wifey .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian bukkake big .zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fetish hot (!) nipples mature .zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\indian horse lingerie several models boots .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files\Common Files\microsoft shared\danish fucking girls upskirt .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files\dotnet\shared\asian bukkake lesbian (Jenna).rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american nude xxx hot (!) .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files (x86)\Google\Temp\fetish uncut sm .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\horse catfight stockings .zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\malaysia horse gay [milf] latex .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\spanish horse horse lesbian feet (Jenna,Sonja).rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish horse horse licking glans ¼ë .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\spanish horse gay full movie fishy .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm full movie .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\beastiality masturbation feet ash .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\tyrkish cum public titts shoes .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\xxx hidden .mpg.exe	69096228777184aa9efce40475cf8f00N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\kicking uncut lady .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\horse several models cock redhair (Tatjana,Sarah).mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fetish lesbian boobs ash .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\xxx public shoes .zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\nude hidden (Sonja,Melissa).mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\CbsTemp\malaysia blowjob fucking catfight high heels .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\german trambling several models young (Sonja,Sylvia).mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fucking animal voyeur hole (Jade,Sandy).zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\lingerie fetish hot (!) (Sarah).rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\german beastiality bukkake [bangbus] cock beautyfull (Curtney).zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\hardcore masturbation .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\african bukkake uncut Ôï .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\horse fetish [milf] .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\russian hardcore sperm girls legs .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\danish horse beast girls glans femdom .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\sperm cum catfight leather .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\handjob hidden ejaculation .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\asian handjob catfight cock 40+ .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\danish horse bukkake full movie feet girly (Christine).mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\chinese fetish hardcore [free] wifey (Sonja,Sarah).avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\nude [bangbus] beautyfull .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\animal voyeur ash .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\black gay blowjob sleeping 40+ (Jade,Curtney).avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\kicking public feet mistress .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\russian fetish lesbian [milf] .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\animal cumshot hidden glans black hairunshaved .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\american fucking kicking catfight nipples YEâPSè& .zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\chinese animal licking sm .zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\horse public 50+ (Gina,Janette).rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\porn hot (!) swallow .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\russian xxx lesbian .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\trambling fetish public wifey (Melissa,Tatjana).mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\gang bang action licking ash stockings .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SoftwareDistribution\Download\japanese handjob bukkake full movie ash .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\gang bang hot (!) glans ejaculation (Sylvia).avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\animal beast [milf] sm .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\british fucking several models fishy .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\american fucking fucking voyeur ash .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\german action beast public gorgeoushorny (Anniston,Sandy).avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\gang bang nude sleeping .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\bukkake full movie .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\nude big vagina mistress .zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\black horse gang bang voyeur (Sandy).avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\british handjob public .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\bukkake hidden stockings (Sonja,Ashley).mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\cum gay hot (!) .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\hardcore uncut sm .zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\mssrv.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\InputMethod\SHARED\gang bang horse [free] 40+ (Samantha).mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\gay [free] ejaculation .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\japanese beastiality girls swallow (Anniston).rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\gang bang xxx hidden beautyfull .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\assembly\temp\lesbian horse hot (!) blondie .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\blowjob sperm [milf] .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\french lingerie masturbation latex .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\horse gang bang licking blondie .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\porn xxx sleeping feet .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\norwegian nude blowjob [bangbus] .rar.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian cum horse masturbation sm .zip.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\gang bang beastiality girls cock shoes .mpeg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\russian sperm horse full movie (Anniston,Christine).mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\german blowjob hardcore girls sweet .avi.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\japanese lesbian hot (!) vagina beautyfull .mpg.exe	69096228777184aa9efce40475cf8f00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\porn action [milf] beautyfull .rar.exe	69096228777184aa9efce40475cf8f00N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1548	69096228777184aa9efce40475cf8f00N.exe
1548	69096228777184aa9efce40475cf8f00N.exe
4476	69096228777184aa9efce40475cf8f00N.exe
4476	69096228777184aa9efce40475cf8f00N.exe
1548	69096228777184aa9efce40475cf8f00N.exe
1548	69096228777184aa9efce40475cf8f00N.exe
4724	69096228777184aa9efce40475cf8f00N.exe
4724	69096228777184aa9efce40475cf8f00N.exe
4876	69096228777184aa9efce40475cf8f00N.exe
4876	69096228777184aa9efce40475cf8f00N.exe
4476	69096228777184aa9efce40475cf8f00N.exe
4476	69096228777184aa9efce40475cf8f00N.exe
1548	69096228777184aa9efce40475cf8f00N.exe
1548	69096228777184aa9efce40475cf8f00N.exe
2060	69096228777184aa9efce40475cf8f00N.exe
2060	69096228777184aa9efce40475cf8f00N.exe
1536	69096228777184aa9efce40475cf8f00N.exe
1536	69096228777184aa9efce40475cf8f00N.exe
1704	69096228777184aa9efce40475cf8f00N.exe
1704	69096228777184aa9efce40475cf8f00N.exe
4476	69096228777184aa9efce40475cf8f00N.exe
4476	69096228777184aa9efce40475cf8f00N.exe
2380	69096228777184aa9efce40475cf8f00N.exe
2380	69096228777184aa9efce40475cf8f00N.exe
1548	69096228777184aa9efce40475cf8f00N.exe
1548	69096228777184aa9efce40475cf8f00N.exe
4724	69096228777184aa9efce40475cf8f00N.exe
4724	69096228777184aa9efce40475cf8f00N.exe
4876	69096228777184aa9efce40475cf8f00N.exe
4876	69096228777184aa9efce40475cf8f00N.exe
4864	69096228777184aa9efce40475cf8f00N.exe
4864	69096228777184aa9efce40475cf8f00N.exe
1876	69096228777184aa9efce40475cf8f00N.exe
1876	69096228777184aa9efce40475cf8f00N.exe
1548	69096228777184aa9efce40475cf8f00N.exe
1548	69096228777184aa9efce40475cf8f00N.exe
4476	69096228777184aa9efce40475cf8f00N.exe
4476	69096228777184aa9efce40475cf8f00N.exe
4884	69096228777184aa9efce40475cf8f00N.exe
4884	69096228777184aa9efce40475cf8f00N.exe
4724	69096228777184aa9efce40475cf8f00N.exe
4724	69096228777184aa9efce40475cf8f00N.exe
4312	69096228777184aa9efce40475cf8f00N.exe
4312	69096228777184aa9efce40475cf8f00N.exe
2908	69096228777184aa9efce40475cf8f00N.exe
2908	69096228777184aa9efce40475cf8f00N.exe
2060	69096228777184aa9efce40475cf8f00N.exe
2060	69096228777184aa9efce40475cf8f00N.exe
2216	69096228777184aa9efce40475cf8f00N.exe
2216	69096228777184aa9efce40475cf8f00N.exe
1536	69096228777184aa9efce40475cf8f00N.exe
1536	69096228777184aa9efce40475cf8f00N.exe
4876	69096228777184aa9efce40475cf8f00N.exe
4876	69096228777184aa9efce40475cf8f00N.exe
2636	69096228777184aa9efce40475cf8f00N.exe
2636	69096228777184aa9efce40475cf8f00N.exe
1904	69096228777184aa9efce40475cf8f00N.exe
1904	69096228777184aa9efce40475cf8f00N.exe
1704	69096228777184aa9efce40475cf8f00N.exe
1704	69096228777184aa9efce40475cf8f00N.exe
2380	69096228777184aa9efce40475cf8f00N.exe
2380	69096228777184aa9efce40475cf8f00N.exe
4960	69096228777184aa9efce40475cf8f00N.exe
4960	69096228777184aa9efce40475cf8f00N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 4476	1548	69096228777184aa9efce40475cf8f00N.exe	86
PID 1548 wrote to memory of 4476	1548	69096228777184aa9efce40475cf8f00N.exe	86
PID 1548 wrote to memory of 4476	1548	69096228777184aa9efce40475cf8f00N.exe	86
PID 4476 wrote to memory of 4724	4476	69096228777184aa9efce40475cf8f00N.exe	87
PID 4476 wrote to memory of 4724	4476	69096228777184aa9efce40475cf8f00N.exe	87
PID 4476 wrote to memory of 4724	4476	69096228777184aa9efce40475cf8f00N.exe	87
PID 1548 wrote to memory of 4876	1548	69096228777184aa9efce40475cf8f00N.exe	88
PID 1548 wrote to memory of 4876	1548	69096228777184aa9efce40475cf8f00N.exe	88
PID 1548 wrote to memory of 4876	1548	69096228777184aa9efce40475cf8f00N.exe	88
PID 4476 wrote to memory of 2060	4476	69096228777184aa9efce40475cf8f00N.exe	89
PID 4476 wrote to memory of 2060	4476	69096228777184aa9efce40475cf8f00N.exe	89
PID 4476 wrote to memory of 2060	4476	69096228777184aa9efce40475cf8f00N.exe	89
PID 1548 wrote to memory of 1536	1548	69096228777184aa9efce40475cf8f00N.exe	90
PID 1548 wrote to memory of 1536	1548	69096228777184aa9efce40475cf8f00N.exe	90
PID 1548 wrote to memory of 1536	1548	69096228777184aa9efce40475cf8f00N.exe	90
PID 4724 wrote to memory of 1704	4724	69096228777184aa9efce40475cf8f00N.exe	91
PID 4724 wrote to memory of 1704	4724	69096228777184aa9efce40475cf8f00N.exe	91
PID 4724 wrote to memory of 1704	4724	69096228777184aa9efce40475cf8f00N.exe	91
PID 4876 wrote to memory of 2380	4876	69096228777184aa9efce40475cf8f00N.exe	92
PID 4876 wrote to memory of 2380	4876	69096228777184aa9efce40475cf8f00N.exe	92
PID 4876 wrote to memory of 2380	4876	69096228777184aa9efce40475cf8f00N.exe	92
PID 4476 wrote to memory of 4864	4476	69096228777184aa9efce40475cf8f00N.exe	93
PID 4476 wrote to memory of 4864	4476	69096228777184aa9efce40475cf8f00N.exe	93
PID 4476 wrote to memory of 4864	4476	69096228777184aa9efce40475cf8f00N.exe	93
PID 1548 wrote to memory of 1876	1548	69096228777184aa9efce40475cf8f00N.exe	94
PID 1548 wrote to memory of 1876	1548	69096228777184aa9efce40475cf8f00N.exe	94
PID 1548 wrote to memory of 1876	1548	69096228777184aa9efce40475cf8f00N.exe	94
PID 4724 wrote to memory of 4884	4724	69096228777184aa9efce40475cf8f00N.exe	95
PID 4724 wrote to memory of 4884	4724	69096228777184aa9efce40475cf8f00N.exe	95
PID 4724 wrote to memory of 4884	4724	69096228777184aa9efce40475cf8f00N.exe	95
PID 2060 wrote to memory of 4312	2060	69096228777184aa9efce40475cf8f00N.exe	96
PID 2060 wrote to memory of 4312	2060	69096228777184aa9efce40475cf8f00N.exe	96
PID 2060 wrote to memory of 4312	2060	69096228777184aa9efce40475cf8f00N.exe	96
PID 1536 wrote to memory of 2908	1536	69096228777184aa9efce40475cf8f00N.exe	97
PID 1536 wrote to memory of 2908	1536	69096228777184aa9efce40475cf8f00N.exe	97
PID 1536 wrote to memory of 2908	1536	69096228777184aa9efce40475cf8f00N.exe	97
PID 4876 wrote to memory of 2216	4876	69096228777184aa9efce40475cf8f00N.exe	98
PID 4876 wrote to memory of 2216	4876	69096228777184aa9efce40475cf8f00N.exe	98
PID 4876 wrote to memory of 2216	4876	69096228777184aa9efce40475cf8f00N.exe	98
PID 1704 wrote to memory of 2636	1704	69096228777184aa9efce40475cf8f00N.exe	99
PID 1704 wrote to memory of 2636	1704	69096228777184aa9efce40475cf8f00N.exe	99
PID 1704 wrote to memory of 2636	1704	69096228777184aa9efce40475cf8f00N.exe	99
PID 2380 wrote to memory of 1904	2380	69096228777184aa9efce40475cf8f00N.exe	100
PID 2380 wrote to memory of 1904	2380	69096228777184aa9efce40475cf8f00N.exe	100
PID 2380 wrote to memory of 1904	2380	69096228777184aa9efce40475cf8f00N.exe	100
PID 1548 wrote to memory of 116	1548	69096228777184aa9efce40475cf8f00N.exe	101
PID 1548 wrote to memory of 116	1548	69096228777184aa9efce40475cf8f00N.exe	101
PID 1548 wrote to memory of 116	1548	69096228777184aa9efce40475cf8f00N.exe	101
PID 4476 wrote to memory of 4960	4476	69096228777184aa9efce40475cf8f00N.exe	102
PID 4476 wrote to memory of 4960	4476	69096228777184aa9efce40475cf8f00N.exe	102
PID 4476 wrote to memory of 4960	4476	69096228777184aa9efce40475cf8f00N.exe	102
PID 4724 wrote to memory of 404	4724	69096228777184aa9efce40475cf8f00N.exe	103
PID 4724 wrote to memory of 404	4724	69096228777184aa9efce40475cf8f00N.exe	103
PID 4724 wrote to memory of 404	4724	69096228777184aa9efce40475cf8f00N.exe	103
PID 4864 wrote to memory of 2084	4864	69096228777184aa9efce40475cf8f00N.exe	104
PID 4864 wrote to memory of 2084	4864	69096228777184aa9efce40475cf8f00N.exe	104
PID 4864 wrote to memory of 2084	4864	69096228777184aa9efce40475cf8f00N.exe	104
PID 1876 wrote to memory of 1892	1876	69096228777184aa9efce40475cf8f00N.exe	105
PID 1876 wrote to memory of 1892	1876	69096228777184aa9efce40475cf8f00N.exe	105
PID 1876 wrote to memory of 1892	1876	69096228777184aa9efce40475cf8f00N.exe	105
PID 1536 wrote to memory of 1472	1536	69096228777184aa9efce40475cf8f00N.exe	106
PID 1536 wrote to memory of 1472	1536	69096228777184aa9efce40475cf8f00N.exe	106
PID 1536 wrote to memory of 1472	1536	69096228777184aa9efce40475cf8f00N.exe	106
PID 4876 wrote to memory of 4404	4876	69096228777184aa9efce40475cf8f00N.exe	107

C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
"C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4476
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        8⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        8⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        8⤵
        
        PID:16672
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        8⤵
        
        PID:19704
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        8⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        8⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:19088
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:620
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:812
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:19484
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:15964
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:3656
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:19712
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:1780
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16256
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:8516
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:3964
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:18980
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:15020
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:11760
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:4392
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:4048
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:8832
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:12296
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:15996
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4876
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:19128
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        7⤵
        
        PID:19476
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:16240
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:15780
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:19468
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:16096
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:12972
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:16200
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:16312
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:8548
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:12216
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:8132
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1536
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16376
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:16280
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        6⤵
        
        PID:19460
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:164
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:13564
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:16128
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:16328
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:2840
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:8464
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:12004
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:16004
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1876
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
        5⤵
        
        PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:4792
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:880
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:1984
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:8540
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:12240
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:16248
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  PID:116
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:3424
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
      "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
      4⤵
      PID:16040
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:9748
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:13324
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:3336
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  PID:624
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:1384
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:4208
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  PID:6376
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:11884
- - C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
    3⤵
    PID:4580
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  PID:8524
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  PID:12316
- C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe
  "C:\Users\Admin\AppData\Local\Temp\69096228777184aa9efce40475cf8f00N.exe"
  2⤵
  PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian bukkake big .zip.exe

Filesize
1.7MB

MD5
e07a1f19ae022ae2c0d0556b7ad829ec

SHA1
dc37300d8e53f13fa6a1fe6a8d0eba9e51808c3a

SHA256
ceccf5789e074b30f88e19ce3140b190025a4b9f53e3297e54d70f5e0783015f

SHA512
184d870459a5fd44ae91fc37234b226af12039d86f211c2fe440127fb03ef9dd8f0b4fa3c8adde4245dd91fe46fa8461c8694e9551e0c68242ba34ea6f495955

Download Submit
memory/116-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/404-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/404-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/624-343-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/860-288-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1168-289-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1536-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1536-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1540-312-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1540-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1548-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1548-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1704-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1704-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1800-299-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1800-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1840-291-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1876-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1876-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1892-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1892-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2060-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2060-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2084-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2164-309-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2164-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2172-293-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2196-341-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2196-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2216-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2216-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2280-337-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2280-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2380-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2584-344-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2584-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2636-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2636-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-336-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2684-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2684-338-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2760-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2760-345-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2828-290-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2888-310-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2888-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2908-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2908-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3464-340-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3464-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3600-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3600-335-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3984-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4404-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4412-339-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4412-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4476-104-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4476-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4724-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4724-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4864-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4864-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4876-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4876-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4884-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4884-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4960-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4960-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5024-292-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5056-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5712-298-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5720-303-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5728-300-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5736-301-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5744-302-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5760-304-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5848-305-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5856-306-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5876-307-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5884-308-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5956-311-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6236-319-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6244-322-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6260-323-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6292-324-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6300-325-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6308-326-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6316-327-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6324-328-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6332-329-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6340-330-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6348-331-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6360-332-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6368-333-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6384-334-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download