c801796057378ce71ed1f3340011b666928d797e46a36a5bf71a9d732fc55925

Analysis

max time kernel
15s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7edfe677a3c7d6c196fb61882bd07320N.exe
Size

855KB
MD5

7edfe677a3c7d6c196fb61882bd07320
SHA1

9c50a2c2ae16b3251689f57afabc7831bfb0c300
SHA256

c801796057378ce71ed1f3340011b666928d797e46a36a5bf71a9d732fc55925
SHA512

9d79a7c4a0bdf88616839c270e1417c49288137cf26466c17a2a533e49360366e8fa6e77ba021e405bd9ad311470fd232244e67d468d8e4c9d8fcb516b1b27f8
SSDEEP

12288:dXCNi9BJGabBgRpSTiS8t8w+LIn/98xkQCFMvY6e12s+ABZK03pXnP42gBxzXeVI:oWl9T38yy8eie12sLZDf4RxyV23VO1Xs

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 17 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	7edfe677a3c7d6c196fb61882bd07320N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	7edfe677a3c7d6c196fb61882bd07320N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\R:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\V:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\K:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\O:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\I:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\Y:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\Z:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\A:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\H:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\U:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\W:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\X:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\E:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\T:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\J:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\L:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\M:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\N:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\Q:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\S:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\B:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\G:	7edfe677a3c7d6c196fb61882bd07320N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian nude lesbian [milf] ash fishy .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\animal licking nipples balls .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish kicking hidden Ôï (Kathrin,Kathrin).zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\cumshot bukkake girls ash upskirt .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gay animal sleeping .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish bukkake [free] .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\System32\DriverStore\Temp\norwegian xxx lesbian vagina swallow (Gina).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lesbian blowjob uncut bondage .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cum masturbation (Sandy).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian voyeur .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\german gang bang several models .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\italian handjob horse girls .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\cumshot lesbian femdom .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\action fucking several models ash .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian xxx [free] .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\african fetish [free] glans .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore xxx several models nipples circumcision (Gina,Jade).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Google\Temp\american kicking bukkake several models legs (Curtney).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\asian gang bang uncut .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\chinese fetish beast big hotel .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish xxx bukkake big .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american horse xxx hot (!) ejaculation .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian horse public .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\japanese fucking [free] bondage .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian nude masturbation (Sarah).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\beast lingerie big .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Common Files\microsoft shared\tyrkish hardcore cum big legs shower .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\dotnet\shared\nude horse lesbian circumcision .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\beast sleeping feet .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking [milf] .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\hardcore [milf] hole lady .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\russian action cumshot catfight bondage (Christine,Gina).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\action licking (Jade).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\russian nude catfight sweet .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\blowjob kicking uncut traffic .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\malaysia horse sperm public 50+ .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\beast kicking [free] (Anniston,Sarah).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\mssrv.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\hardcore gay hidden girly .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\indian action masturbation upskirt (Karin,Janette).zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\horse action [milf] ash penetration .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\tyrkish sperm xxx several models .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\malaysia gang bang cumshot [milf] hole (Sonja).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\nude beast [milf] titts femdom (Liz).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\canadian fucking hidden hole ejaculation .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\chinese nude hidden .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\canadian horse hardcore [bangbus] .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\african hardcore hot (!) (Gina,Janette).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse [bangbus] hole (Melissa,Sylvia).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\black handjob full movie granny .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\spanish horse lingerie girls high heels (Curtney,Janette).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\spanish porn public legs girly .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\spanish horse [milf] (Jade,Karin).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\malaysia cum fetish masturbation (Britney).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\bukkake hidden cock latex .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\swedish xxx hardcore hidden hotel (Liz,Melissa).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\swedish beast [milf] ash pregnant .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\black action catfight .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\french gang bang [bangbus] feet .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\danish kicking licking glans 40+ .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\Downloaded Program Files\asian handjob xxx lesbian balls .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\lesbian hidden latex .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gay sleeping balls (Sonja,Sonja).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black beast horse full movie 40+ (Ashley).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish lingerie animal public .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\spanish fucking beast big ¼ë (Anniston).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\gay action public .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\cum full movie titts Ôï (Tatjana).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\malaysia fucking action [milf] (Gina).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\chinese lesbian voyeur traffic (Liz,Sonja).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\chinese fucking big high heels .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\temp\bukkake voyeur young .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\tyrkish beast voyeur boots .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\bukkake voyeur ¼ë .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\PLA\Templates\african fucking blowjob uncut legs (Liz).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\action masturbation redhair .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\spanish xxx kicking [bangbus] boobs granny .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake bukkake full movie .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\japanese trambling licking glans ejaculation (Sonja).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\russian cum beastiality voyeur fishy .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\sperm voyeur stockings .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\italian cum gang bang [bangbus] (Ashley).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\blowjob sperm public glans .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\canadian gay cumshot big young .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\nude lingerie [milf] (Liz).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\italian handjob gang bang full movie girly .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\danish beast beast hot (!) .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\african horse sleeping legs ash .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\british horse masturbation hole 40+ .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\lingerie lingerie licking ash shower .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\security\templates\hardcore voyeur feet wifey .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\horse [milf] legs blondie .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\italian nude lingerie catfight granny .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\japanese horse [free] legs (Sonja).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
2224	7edfe677a3c7d6c196fb61882bd07320N.exe
2224	7edfe677a3c7d6c196fb61882bd07320N.exe
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
4596	7edfe677a3c7d6c196fb61882bd07320N.exe
4596	7edfe677a3c7d6c196fb61882bd07320N.exe
1556	7edfe677a3c7d6c196fb61882bd07320N.exe
1556	7edfe677a3c7d6c196fb61882bd07320N.exe
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
2224	7edfe677a3c7d6c196fb61882bd07320N.exe
2224	7edfe677a3c7d6c196fb61882bd07320N.exe
1296	7edfe677a3c7d6c196fb61882bd07320N.exe
1296	7edfe677a3c7d6c196fb61882bd07320N.exe
4504	7edfe677a3c7d6c196fb61882bd07320N.exe
4504	7edfe677a3c7d6c196fb61882bd07320N.exe
1932	7edfe677a3c7d6c196fb61882bd07320N.exe
1932	7edfe677a3c7d6c196fb61882bd07320N.exe
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
4596	7edfe677a3c7d6c196fb61882bd07320N.exe
4596	7edfe677a3c7d6c196fb61882bd07320N.exe
2224	7edfe677a3c7d6c196fb61882bd07320N.exe
2224	7edfe677a3c7d6c196fb61882bd07320N.exe
5036	7edfe677a3c7d6c196fb61882bd07320N.exe
5036	7edfe677a3c7d6c196fb61882bd07320N.exe
1556	7edfe677a3c7d6c196fb61882bd07320N.exe
1556	7edfe677a3c7d6c196fb61882bd07320N.exe
2880	7edfe677a3c7d6c196fb61882bd07320N.exe
2880	7edfe677a3c7d6c196fb61882bd07320N.exe
1724	7edfe677a3c7d6c196fb61882bd07320N.exe
1724	7edfe677a3c7d6c196fb61882bd07320N.exe
3344	7edfe677a3c7d6c196fb61882bd07320N.exe
3344	7edfe677a3c7d6c196fb61882bd07320N.exe
1296	7edfe677a3c7d6c196fb61882bd07320N.exe
1296	7edfe677a3c7d6c196fb61882bd07320N.exe
3272	7edfe677a3c7d6c196fb61882bd07320N.exe
3272	7edfe677a3c7d6c196fb61882bd07320N.exe
4596	7edfe677a3c7d6c196fb61882bd07320N.exe
4596	7edfe677a3c7d6c196fb61882bd07320N.exe
2224	7edfe677a3c7d6c196fb61882bd07320N.exe
2224	7edfe677a3c7d6c196fb61882bd07320N.exe
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
4660	7edfe677a3c7d6c196fb61882bd07320N.exe
3564	7edfe677a3c7d6c196fb61882bd07320N.exe
3564	7edfe677a3c7d6c196fb61882bd07320N.exe
212	7edfe677a3c7d6c196fb61882bd07320N.exe
212	7edfe677a3c7d6c196fb61882bd07320N.exe
4452	7edfe677a3c7d6c196fb61882bd07320N.exe
4452	7edfe677a3c7d6c196fb61882bd07320N.exe
1556	7edfe677a3c7d6c196fb61882bd07320N.exe
1556	7edfe677a3c7d6c196fb61882bd07320N.exe
4504	7edfe677a3c7d6c196fb61882bd07320N.exe
4504	7edfe677a3c7d6c196fb61882bd07320N.exe
2228	7edfe677a3c7d6c196fb61882bd07320N.exe
2228	7edfe677a3c7d6c196fb61882bd07320N.exe
1932	7edfe677a3c7d6c196fb61882bd07320N.exe
1932	7edfe677a3c7d6c196fb61882bd07320N.exe
5036	7edfe677a3c7d6c196fb61882bd07320N.exe
5036	7edfe677a3c7d6c196fb61882bd07320N.exe
2604	7edfe677a3c7d6c196fb61882bd07320N.exe
2604	7edfe677a3c7d6c196fb61882bd07320N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 2224	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	86
PID 4660 wrote to memory of 2224	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	86
PID 4660 wrote to memory of 2224	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	86
PID 4660 wrote to memory of 4596	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	91
PID 4660 wrote to memory of 4596	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	91
PID 4660 wrote to memory of 4596	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	91
PID 2224 wrote to memory of 1556	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	92
PID 2224 wrote to memory of 1556	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	92
PID 2224 wrote to memory of 1556	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	92
PID 4660 wrote to memory of 1296	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	93
PID 4660 wrote to memory of 1296	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	93
PID 4660 wrote to memory of 1296	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	93
PID 4596 wrote to memory of 4504	4596	7edfe677a3c7d6c196fb61882bd07320N.exe	94
PID 4596 wrote to memory of 4504	4596	7edfe677a3c7d6c196fb61882bd07320N.exe	94
PID 4596 wrote to memory of 4504	4596	7edfe677a3c7d6c196fb61882bd07320N.exe	94
PID 2224 wrote to memory of 1932	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	95
PID 2224 wrote to memory of 1932	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	95
PID 2224 wrote to memory of 1932	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	95
PID 1556 wrote to memory of 5036	1556	7edfe677a3c7d6c196fb61882bd07320N.exe	96
PID 1556 wrote to memory of 5036	1556	7edfe677a3c7d6c196fb61882bd07320N.exe	96
PID 1556 wrote to memory of 5036	1556	7edfe677a3c7d6c196fb61882bd07320N.exe	96
PID 1296 wrote to memory of 2880	1296	7edfe677a3c7d6c196fb61882bd07320N.exe	98
PID 1296 wrote to memory of 2880	1296	7edfe677a3c7d6c196fb61882bd07320N.exe	98
PID 1296 wrote to memory of 2880	1296	7edfe677a3c7d6c196fb61882bd07320N.exe	98
PID 4660 wrote to memory of 3344	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	99
PID 4660 wrote to memory of 3344	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	99
PID 4660 wrote to memory of 3344	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	99
PID 4596 wrote to memory of 1724	4596	7edfe677a3c7d6c196fb61882bd07320N.exe	100
PID 4596 wrote to memory of 1724	4596	7edfe677a3c7d6c196fb61882bd07320N.exe	100
PID 4596 wrote to memory of 1724	4596	7edfe677a3c7d6c196fb61882bd07320N.exe	100
PID 2224 wrote to memory of 3272	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	101
PID 2224 wrote to memory of 3272	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	101
PID 2224 wrote to memory of 3272	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	101
PID 4504 wrote to memory of 212	4504	7edfe677a3c7d6c196fb61882bd07320N.exe	102
PID 4504 wrote to memory of 212	4504	7edfe677a3c7d6c196fb61882bd07320N.exe	102
PID 4504 wrote to memory of 212	4504	7edfe677a3c7d6c196fb61882bd07320N.exe	102
PID 1556 wrote to memory of 3564	1556	7edfe677a3c7d6c196fb61882bd07320N.exe	103
PID 1556 wrote to memory of 3564	1556	7edfe677a3c7d6c196fb61882bd07320N.exe	103
PID 1556 wrote to memory of 3564	1556	7edfe677a3c7d6c196fb61882bd07320N.exe	103
PID 1932 wrote to memory of 4452	1932	7edfe677a3c7d6c196fb61882bd07320N.exe	104
PID 1932 wrote to memory of 4452	1932	7edfe677a3c7d6c196fb61882bd07320N.exe	104
PID 1932 wrote to memory of 4452	1932	7edfe677a3c7d6c196fb61882bd07320N.exe	104
PID 5036 wrote to memory of 2228	5036	7edfe677a3c7d6c196fb61882bd07320N.exe	105
PID 5036 wrote to memory of 2228	5036	7edfe677a3c7d6c196fb61882bd07320N.exe	105
PID 5036 wrote to memory of 2228	5036	7edfe677a3c7d6c196fb61882bd07320N.exe	105
PID 1296 wrote to memory of 2604	1296	7edfe677a3c7d6c196fb61882bd07320N.exe	107
PID 1296 wrote to memory of 2604	1296	7edfe677a3c7d6c196fb61882bd07320N.exe	107
PID 1296 wrote to memory of 2604	1296	7edfe677a3c7d6c196fb61882bd07320N.exe	107
PID 4596 wrote to memory of 5008	4596	7edfe677a3c7d6c196fb61882bd07320N.exe	108
PID 4596 wrote to memory of 5008	4596	7edfe677a3c7d6c196fb61882bd07320N.exe	108
PID 4596 wrote to memory of 5008	4596	7edfe677a3c7d6c196fb61882bd07320N.exe	108
PID 2880 wrote to memory of 3628	2880	7edfe677a3c7d6c196fb61882bd07320N.exe	109
PID 2880 wrote to memory of 3628	2880	7edfe677a3c7d6c196fb61882bd07320N.exe	109
PID 2880 wrote to memory of 3628	2880	7edfe677a3c7d6c196fb61882bd07320N.exe	109
PID 2224 wrote to memory of 2460	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	110
PID 2224 wrote to memory of 2460	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	110
PID 2224 wrote to memory of 2460	2224	7edfe677a3c7d6c196fb61882bd07320N.exe	110
PID 4660 wrote to memory of 2004	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	111
PID 4660 wrote to memory of 2004	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	111
PID 4660 wrote to memory of 2004	4660	7edfe677a3c7d6c196fb61882bd07320N.exe	111
PID 1724 wrote to memory of 3988	1724	7edfe677a3c7d6c196fb61882bd07320N.exe	112
PID 1724 wrote to memory of 3988	1724	7edfe677a3c7d6c196fb61882bd07320N.exe	112
PID 1724 wrote to memory of 3988	1724	7edfe677a3c7d6c196fb61882bd07320N.exe	112
PID 1556 wrote to memory of 2044	1556	7edfe677a3c7d6c196fb61882bd07320N.exe	113

C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
"C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:18760
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:19452
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:19808
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:25072
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:25012
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        Checks computer location settings
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:21000
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:18808
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:21720
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:18800
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:18360
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24948
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:25060
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21104
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:20900
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:18744
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:19468
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:19612
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:18660
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:18408
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24988
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:23528
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20608
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20632
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21752
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24964
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21736
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15016
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18676
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:22624
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:25052
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:23496
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20624
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:23504
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15828
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:19604
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:25020
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21348
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:25036
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20332
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19112
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:23488
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19588
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:25080
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:19920
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:18884
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:23472
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21020
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19816
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24956
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24980
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:18776
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18792
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:16652
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24972
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:13032
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:25044
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:17316
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10572
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:14964
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:18868
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4596
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:212
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:18700
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21012
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:18544
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:23320
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19620
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:23480
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:19596
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:23768
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:18752
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:23512
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21948
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19556
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:25004
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18668
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:23352
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:19636
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19744
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19012
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24996
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:23312
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:17808
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18684
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:23536
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20996
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18692
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13040
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10992
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:19800
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18552
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:8512
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6064
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:15876
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:19628
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:23328
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:18784
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24940
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19752
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:18440
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:25088
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:19460
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20616
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19500
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10344
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:19484
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15764
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:19516
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:16388
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14976
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18640
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:16120
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:14948
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:19492
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21744
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19444
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18816
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:19524
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:25028
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:23344
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:1068
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:14788
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:18876
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:23544
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:18636
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:7312
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:23520
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:17296
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:15120
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:18768
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:5132
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5924
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:21108
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:4288
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:19476
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:6440
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:17056
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:14992
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:19508
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:8748
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:23336
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:12116
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:16208
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:14984
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:18652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\beast sleeping feet .mpg.exe

Filesize
1.5MB

MD5
28c54f21b21fe576cf540b96ad633958

SHA1
e7cb484a3dc14db73545b1466e7d900920a16913

SHA256
38478f36b139694307e13c87082a2fc1b7b0457e5e437800892bcfa69a62b197

SHA512
51ff5c43f7c689c360c3c5b7613c59260262df789accd75c9d9b757a2aa8536ee082a1e9b8be6ab8555f963153e4128b56dc24e2374356905e375e688cfe9532

Download Submit
C:\debug.txt

Filesize
146B

MD5
56c42774c01b6dd9d53422bed76c6d01

SHA1
d2b89202464b24bcbb405e5a0975cd66955db0b8

SHA256
064e5b2a04ffe8ba8c9b55df2a495d369692b4cc4ceb75e9ba862878d69c3916

SHA512
95ad42bcc5a63b8255ac6c8610659aa024099fd7d9baee020b6381a88852dc0663e64637ec71ce887b57b3ce0785df34903a461b4e8af23e9ca713ee1b18e43d

Download Submit
memory/824-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1400-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1496-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1624-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1904-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1932-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1952-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2004-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2044-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2224-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2228-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2460-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2604-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2616-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2880-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3220-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3300-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3344-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3564-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3628-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3640-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3844-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4296-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4452-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4504-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4572-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4596-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4660-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5132-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5140-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5220-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5912-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5948-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5984-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5992-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6000-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6008-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6136-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6240-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6320-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6472-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6488-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7232-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7248-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7264-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7280-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7304-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7312-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7320-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7328-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7336-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7716-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7736-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7948-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7964-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7980-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8164-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8352-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8368-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8392-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8424-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8484-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8500-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8512-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8532-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8616-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8624-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8632-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8640-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8648-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8656-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8708-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8728-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8736-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8748-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8912-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9032-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9116-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9128-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9136-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9164-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9272-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9500-310-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9508-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9516-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9704-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10004-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10272-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10280-318-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10300-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10328-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10336-321-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10344-320-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10448-322-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10532-323-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download