3ab98b4b2d5e8507fbf90512a30967e26c478a5b8445874abf9ab3a42691eb49

Analysis

max time kernel
12s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4048bce9a003ee83f36c09e1315688c0N.exe
Size

197KB
MD5

4048bce9a003ee83f36c09e1315688c0
SHA1

8420a05d78b603730b7f91db6d4c8293e508d6e7
SHA256

3ab98b4b2d5e8507fbf90512a30967e26c478a5b8445874abf9ab3a42691eb49
SHA512

90afb14aa4cee32d4472c2e3baaad843cd38742c0fe075086fa651eeb9e3b92c1ae6ead7411ce1cc0712c189f4d46d66161fad144c4a8805d5e19118f1c55f90
SSDEEP

6144:VjluQoSv4DSIo5R4nM/40yDsviiqpVpbHOFSLv5mLYGTT:VEQoSfqwv6p6kTQL7

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	4048bce9a003ee83f36c09e1315688c0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2556-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x00080000000234d2-5.dat	upx
behavioral2/memory/2176-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/784-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3784-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1556-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1684-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3032-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4848-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2556-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3904-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1936-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2644-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1528-245-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4584-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4976-246-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/760-248-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1832-247-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3812-251-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/784-250-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2556-249-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3704-252-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1604-256-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1556-255-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4424-254-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3784-253-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2644-260-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3032-259-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4848-258-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1684-257-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/848-262-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1936-261-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1528-263-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4932-265-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4976-264-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/760-266-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3704-268-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1040-269-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3888-270-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3812-267-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4424-271-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1604-275-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2300-277-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5124-282-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2604-280-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4692-279-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4336-278-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/848-281-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1580-276-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6004-292-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5980-289-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4932-288-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6344-302-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6296-301-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2248-300-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6060-299-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6052-298-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6044-297-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6028-296-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6020-295-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3888-294-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5996-291-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4064-290-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5964-287-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4048bce9a003ee83f36c09e1315688c0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\H:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\K:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\R:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\U:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\W:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\Y:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\J:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\P:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\S:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\T:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\N:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\O:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\X:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\Z:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\A:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\B:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\E:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\I:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\L:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\M:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\Q:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\V:	4048bce9a003ee83f36c09e1315688c0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob lesbian .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american action lingerie girls glans boots .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\trambling [milf] (Karin).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian horse hardcore hot (!) 40+ .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish cumshot lingerie lesbian titts .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\xxx hot (!) feet stockings (Sarah).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian cum blowjob hot (!) (Jade).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian porn gay public shoes .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black kicking xxx voyeur cock leather .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\tyrkish beastiality gay masturbation lady .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay hidden high heels (Anniston,Tatjana).avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian gang bang gay [bangbus] .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian cum sperm catfight ash .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\american animal beast hot (!) pregnant .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese horse fucking sleeping .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish horse hardcore public traffic .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8898.tmp\trambling voyeur lady .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\dotnet\shared\american gang bang sperm [free] feet redhair (Liz).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\brasilian kicking gay [bangbus] glans boots .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\blowjob [milf] (Jade).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\lesbian lesbian (Janette).avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish action lingerie hidden (Janette).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\swedish gang bang sperm voyeur beautyfull .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\trambling catfight femdom .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian beastiality horse uncut (Jade).avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian kicking lingerie licking .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\bukkake full movie glans traffic .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\hardcore hidden young .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian fetish sperm sleeping wifey (Anniston,Liz).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish lesbian full movie feet .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Google\Temp\horse voyeur cock mature .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\tmp\blowjob voyeur .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian action blowjob public 50+ .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\swedish cumshot lingerie lesbian high heels (Britney,Karin).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\Downloaded Program Files\italian horse sperm hot (!) stockings (Britney,Melissa).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\InputMethod\SHARED\indian handjob xxx catfight .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian handjob gay sleeping .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\italian gang bang hardcore full movie ¤ç .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\beast several models pregnant .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\african trambling hidden cock lady (Liz).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\cumshot bukkake [bangbus] hairy .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\german blowjob sleeping .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\brasilian fetish xxx voyeur titts blondie .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\PLA\Templates\japanese fetish trambling licking feet hotel .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lingerie hot (!) titts shoes .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\canadian lingerie voyeur cock .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\cumshot xxx masturbation hole .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american cum lingerie hot (!) feet mature .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\cum blowjob several models .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\swedish kicking blowjob [milf] (Sarah).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\kicking horse hot (!) .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\malaysia gay lesbian hole .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian nude blowjob licking traffic .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SoftwareDistribution\Download\japanese porn trambling [bangbus] latex .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\asian lingerie full movie redhair .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\japanese kicking sperm full movie castration (Sandy,Tatjana).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\fucking public black hairunshaved .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\security\templates\italian handjob trambling catfight glans girly .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\mssrv.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\xxx uncut stockings .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\italian cum lesbian sleeping (Melissa).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\russian handjob fucking several models balls (Jenna,Jade).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\trambling catfight .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\trambling hot (!) cock shower .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\african bukkake lesbian hole (Christine,Samantha).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\russian cumshot sperm [bangbus] wifey .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\beast [free] titts shoes (Jade).avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\blowjob lesbian cock .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\sperm masturbation .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian nude xxx several models bedroom .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\american action blowjob girls (Melissa).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\fucking voyeur mature .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish beastiality bukkake masturbation .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\temp\black cumshot sperm lesbian Ôï .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\russian action lingerie girls shoes .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\sperm uncut glans .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\lingerie [free] girly (Sonja,Karin).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\kicking hardcore hot (!) cock lady (Karin).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\nude hardcore voyeur feet (Sandy,Jade).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\african sperm full movie hole .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\canadian blowjob full movie feet bondage .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\CbsTemp\tyrkish cumshot trambling [free] titts sweet .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian horse xxx several models wifey .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\swedish nude horse sleeping .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\black fetish gay licking cock bedroom (Tatjana).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\french hardcore lesbian beautyfull .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\chinese xxx catfight cock .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\danish action trambling public 40+ .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\british fucking masturbation (Curtney).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\black handjob xxx masturbation young .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\brasilian cumshot fucking lesbian titts .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\gang bang hardcore [bangbus] .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\danish fetish blowjob full movie (Sarah).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian animal gay [free] shower .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian beastiality beast girls (Sarah).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
2556	4048bce9a003ee83f36c09e1315688c0N.exe
2556	4048bce9a003ee83f36c09e1315688c0N.exe
3904	4048bce9a003ee83f36c09e1315688c0N.exe
3904	4048bce9a003ee83f36c09e1315688c0N.exe
2556	4048bce9a003ee83f36c09e1315688c0N.exe
2556	4048bce9a003ee83f36c09e1315688c0N.exe
4584	4048bce9a003ee83f36c09e1315688c0N.exe
4584	4048bce9a003ee83f36c09e1315688c0N.exe
2176	4048bce9a003ee83f36c09e1315688c0N.exe
2176	4048bce9a003ee83f36c09e1315688c0N.exe
2556	4048bce9a003ee83f36c09e1315688c0N.exe
2556	4048bce9a003ee83f36c09e1315688c0N.exe
3904	4048bce9a003ee83f36c09e1315688c0N.exe
3904	4048bce9a003ee83f36c09e1315688c0N.exe
1832	4048bce9a003ee83f36c09e1315688c0N.exe
1832	4048bce9a003ee83f36c09e1315688c0N.exe
784	4048bce9a003ee83f36c09e1315688c0N.exe
784	4048bce9a003ee83f36c09e1315688c0N.exe
2556	4048bce9a003ee83f36c09e1315688c0N.exe
2556	4048bce9a003ee83f36c09e1315688c0N.exe
3904	4048bce9a003ee83f36c09e1315688c0N.exe
3904	4048bce9a003ee83f36c09e1315688c0N.exe
3784	4048bce9a003ee83f36c09e1315688c0N.exe
3784	4048bce9a003ee83f36c09e1315688c0N.exe
4584	4048bce9a003ee83f36c09e1315688c0N.exe
4584	4048bce9a003ee83f36c09e1315688c0N.exe
1556	4048bce9a003ee83f36c09e1315688c0N.exe
1556	4048bce9a003ee83f36c09e1315688c0N.exe
2176	4048bce9a003ee83f36c09e1315688c0N.exe
2176	4048bce9a003ee83f36c09e1315688c0N.exe
1684	4048bce9a003ee83f36c09e1315688c0N.exe
1684	4048bce9a003ee83f36c09e1315688c0N.exe
4848	4048bce9a003ee83f36c09e1315688c0N.exe
4848	4048bce9a003ee83f36c09e1315688c0N.exe
3032	4048bce9a003ee83f36c09e1315688c0N.exe
3032	4048bce9a003ee83f36c09e1315688c0N.exe
1832	4048bce9a003ee83f36c09e1315688c0N.exe
1832	4048bce9a003ee83f36c09e1315688c0N.exe
2556	4048bce9a003ee83f36c09e1315688c0N.exe
2556	4048bce9a003ee83f36c09e1315688c0N.exe
3904	4048bce9a003ee83f36c09e1315688c0N.exe
3904	4048bce9a003ee83f36c09e1315688c0N.exe
2644	4048bce9a003ee83f36c09e1315688c0N.exe
2644	4048bce9a003ee83f36c09e1315688c0N.exe
4584	4048bce9a003ee83f36c09e1315688c0N.exe
4584	4048bce9a003ee83f36c09e1315688c0N.exe
1936	4048bce9a003ee83f36c09e1315688c0N.exe
1936	4048bce9a003ee83f36c09e1315688c0N.exe
1528	4048bce9a003ee83f36c09e1315688c0N.exe
1528	4048bce9a003ee83f36c09e1315688c0N.exe
2176	4048bce9a003ee83f36c09e1315688c0N.exe
2176	4048bce9a003ee83f36c09e1315688c0N.exe
4976	4048bce9a003ee83f36c09e1315688c0N.exe
4976	4048bce9a003ee83f36c09e1315688c0N.exe
3784	4048bce9a003ee83f36c09e1315688c0N.exe
3784	4048bce9a003ee83f36c09e1315688c0N.exe
784	4048bce9a003ee83f36c09e1315688c0N.exe
784	4048bce9a003ee83f36c09e1315688c0N.exe
760	4048bce9a003ee83f36c09e1315688c0N.exe
760	4048bce9a003ee83f36c09e1315688c0N.exe
1556	4048bce9a003ee83f36c09e1315688c0N.exe
1556	4048bce9a003ee83f36c09e1315688c0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 3904	2556	4048bce9a003ee83f36c09e1315688c0N.exe	89
PID 2556 wrote to memory of 3904	2556	4048bce9a003ee83f36c09e1315688c0N.exe	89
PID 2556 wrote to memory of 3904	2556	4048bce9a003ee83f36c09e1315688c0N.exe	89
PID 2556 wrote to memory of 4584	2556	4048bce9a003ee83f36c09e1315688c0N.exe	92
PID 2556 wrote to memory of 4584	2556	4048bce9a003ee83f36c09e1315688c0N.exe	92
PID 2556 wrote to memory of 4584	2556	4048bce9a003ee83f36c09e1315688c0N.exe	92
PID 3904 wrote to memory of 2176	3904	4048bce9a003ee83f36c09e1315688c0N.exe	93
PID 3904 wrote to memory of 2176	3904	4048bce9a003ee83f36c09e1315688c0N.exe	93
PID 3904 wrote to memory of 2176	3904	4048bce9a003ee83f36c09e1315688c0N.exe	93
PID 2556 wrote to memory of 1832	2556	4048bce9a003ee83f36c09e1315688c0N.exe	95
PID 2556 wrote to memory of 1832	2556	4048bce9a003ee83f36c09e1315688c0N.exe	95
PID 2556 wrote to memory of 1832	2556	4048bce9a003ee83f36c09e1315688c0N.exe	95
PID 3904 wrote to memory of 784	3904	4048bce9a003ee83f36c09e1315688c0N.exe	96
PID 3904 wrote to memory of 784	3904	4048bce9a003ee83f36c09e1315688c0N.exe	96
PID 3904 wrote to memory of 784	3904	4048bce9a003ee83f36c09e1315688c0N.exe	96
PID 4584 wrote to memory of 3784	4584	4048bce9a003ee83f36c09e1315688c0N.exe	97
PID 4584 wrote to memory of 3784	4584	4048bce9a003ee83f36c09e1315688c0N.exe	97
PID 4584 wrote to memory of 3784	4584	4048bce9a003ee83f36c09e1315688c0N.exe	97
PID 2176 wrote to memory of 1556	2176	4048bce9a003ee83f36c09e1315688c0N.exe	98
PID 2176 wrote to memory of 1556	2176	4048bce9a003ee83f36c09e1315688c0N.exe	98
PID 2176 wrote to memory of 1556	2176	4048bce9a003ee83f36c09e1315688c0N.exe	98
PID 2556 wrote to memory of 1684	2556	4048bce9a003ee83f36c09e1315688c0N.exe	100
PID 2556 wrote to memory of 1684	2556	4048bce9a003ee83f36c09e1315688c0N.exe	100
PID 2556 wrote to memory of 1684	2556	4048bce9a003ee83f36c09e1315688c0N.exe	100
PID 1832 wrote to memory of 4848	1832	4048bce9a003ee83f36c09e1315688c0N.exe	101
PID 1832 wrote to memory of 4848	1832	4048bce9a003ee83f36c09e1315688c0N.exe	101
PID 1832 wrote to memory of 4848	1832	4048bce9a003ee83f36c09e1315688c0N.exe	101
PID 3904 wrote to memory of 3032	3904	4048bce9a003ee83f36c09e1315688c0N.exe	102
PID 3904 wrote to memory of 3032	3904	4048bce9a003ee83f36c09e1315688c0N.exe	102
PID 3904 wrote to memory of 3032	3904	4048bce9a003ee83f36c09e1315688c0N.exe	102
PID 4584 wrote to memory of 2644	4584	4048bce9a003ee83f36c09e1315688c0N.exe	103
PID 4584 wrote to memory of 2644	4584	4048bce9a003ee83f36c09e1315688c0N.exe	103
PID 4584 wrote to memory of 2644	4584	4048bce9a003ee83f36c09e1315688c0N.exe	103
PID 2176 wrote to memory of 1936	2176	4048bce9a003ee83f36c09e1315688c0N.exe	104
PID 2176 wrote to memory of 1936	2176	4048bce9a003ee83f36c09e1315688c0N.exe	104
PID 2176 wrote to memory of 1936	2176	4048bce9a003ee83f36c09e1315688c0N.exe	104
PID 784 wrote to memory of 1528	784	4048bce9a003ee83f36c09e1315688c0N.exe	105
PID 784 wrote to memory of 1528	784	4048bce9a003ee83f36c09e1315688c0N.exe	105
PID 784 wrote to memory of 1528	784	4048bce9a003ee83f36c09e1315688c0N.exe	105
PID 3784 wrote to memory of 4976	3784	4048bce9a003ee83f36c09e1315688c0N.exe	106
PID 3784 wrote to memory of 4976	3784	4048bce9a003ee83f36c09e1315688c0N.exe	106
PID 3784 wrote to memory of 4976	3784	4048bce9a003ee83f36c09e1315688c0N.exe	106
PID 1556 wrote to memory of 760	1556	4048bce9a003ee83f36c09e1315688c0N.exe	107
PID 1556 wrote to memory of 760	1556	4048bce9a003ee83f36c09e1315688c0N.exe	107
PID 1556 wrote to memory of 760	1556	4048bce9a003ee83f36c09e1315688c0N.exe	107
PID 1832 wrote to memory of 3704	1832	4048bce9a003ee83f36c09e1315688c0N.exe	108
PID 1832 wrote to memory of 3704	1832	4048bce9a003ee83f36c09e1315688c0N.exe	108
PID 1832 wrote to memory of 3704	1832	4048bce9a003ee83f36c09e1315688c0N.exe	108
PID 2556 wrote to memory of 3812	2556	4048bce9a003ee83f36c09e1315688c0N.exe	109
PID 2556 wrote to memory of 3812	2556	4048bce9a003ee83f36c09e1315688c0N.exe	109
PID 2556 wrote to memory of 3812	2556	4048bce9a003ee83f36c09e1315688c0N.exe	109
PID 3904 wrote to memory of 1040	3904	4048bce9a003ee83f36c09e1315688c0N.exe	110
PID 3904 wrote to memory of 1040	3904	4048bce9a003ee83f36c09e1315688c0N.exe	110
PID 3904 wrote to memory of 1040	3904	4048bce9a003ee83f36c09e1315688c0N.exe	110
PID 3032 wrote to memory of 4424	3032	4048bce9a003ee83f36c09e1315688c0N.exe	111
PID 3032 wrote to memory of 4424	3032	4048bce9a003ee83f36c09e1315688c0N.exe	111
PID 3032 wrote to memory of 4424	3032	4048bce9a003ee83f36c09e1315688c0N.exe	111
PID 4584 wrote to memory of 1604	4584	4048bce9a003ee83f36c09e1315688c0N.exe	112
PID 4584 wrote to memory of 1604	4584	4048bce9a003ee83f36c09e1315688c0N.exe	112
PID 4584 wrote to memory of 1604	4584	4048bce9a003ee83f36c09e1315688c0N.exe	112
PID 4848 wrote to memory of 4336	4848	4048bce9a003ee83f36c09e1315688c0N.exe	113
PID 4848 wrote to memory of 4336	4848	4048bce9a003ee83f36c09e1315688c0N.exe	113
PID 4848 wrote to memory of 4336	4848	4048bce9a003ee83f36c09e1315688c0N.exe	113
PID 1684 wrote to memory of 1580	1684	4048bce9a003ee83f36c09e1315688c0N.exe	114

C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
"C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3904
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:20252
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:19168
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:21440
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:19264
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22060
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:19616
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:22044
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:21712
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:18700
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22520
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:21364
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:12292
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17776
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:19244
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:19628
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13132
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:20140
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:18456
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:784
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:19752
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:20824
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:21640
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:20000
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:20536
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:19176
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:20332
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22052
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:19588
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:22508
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:11452
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:16328
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:16232
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:19236
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:21056
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:20260
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:19864
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:18788
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17768
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:21920
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:19256
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:20324
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:22036
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13756
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:21172
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17592
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6124
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:12952
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:18212
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4584
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:20212
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:19384
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:21120
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:20064
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:20100
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:18992
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:21904
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13628
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:20056
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:21632
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:20072
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:18056
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:21944
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:19768
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:21888
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:21048
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:18128
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:18740
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17084
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7932
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17012
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:21024
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:18004
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:1048
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:12560
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:18020
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:20492
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:20168
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:21152
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17060
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:21928
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:19636
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:21164
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:20164
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:20048
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:21112
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17600
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6104
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:12664
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:18048
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:20544
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:19200
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:21308
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:21912
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6816
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:21328
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:19516
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:16188
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:632
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:11852
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:16452
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:3812
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:21896
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:16888
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:21196
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:10192
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:13932
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:19716
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:5196
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:10844
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:15048
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:21032
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:6764
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:9168
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:17564
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:9024
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:17332
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:12532
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:17916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\trambling catfight femdom .zip.exe

Filesize
1.1MB

MD5
d13aa129fbf502c69cdd189b0cd040df

SHA1
6e38b263278c42597e5b4b4b3ad9d23eae979be4

SHA256
353c8bc5d457b6f4fc3e7103ede169c5566a4ef12ce02ee07c82601f82b8a53e

SHA512
019327418e39309deba0530f1f4f0afb41e6e63d25eaa11e81690106ad3c3fb423522034c1f8244bac5736b984d67ae14012660009fca24d8b43694c49ec39b0

Download Submit
memory/740-309-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/760-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/760-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/784-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/784-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/848-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/848-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1040-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1528-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1528-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1556-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1556-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1580-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1604-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1604-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1684-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1684-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1832-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1936-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1936-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2176-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2248-300-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2300-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2556-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2556-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2556-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2556-352-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2616-307-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2644-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2644-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3032-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3032-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3432-317-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3704-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3704-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3784-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3784-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3812-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3812-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3856-308-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3888-294-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3888-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3904-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4064-290-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4116-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4336-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4424-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4424-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4584-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4692-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4848-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4848-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4932-288-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4932-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4976-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4976-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5028-303-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5124-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5124-318-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5132-310-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5140-304-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5148-311-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5156-305-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5164-319-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5172-312-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5180-313-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5188-314-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5196-315-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5204-316-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5964-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5964-321-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5972-322-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5980-289-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5980-324-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5988-325-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5996-291-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5996-326-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6004-327-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6004-292-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6012-328-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6020-295-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6020-333-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6028-334-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6028-296-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6044-297-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6044-335-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6052-298-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6060-299-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6296-301-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6344-302-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6352-306-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6544-320-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6600-323-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6720-329-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6756-330-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6764-331-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6772-332-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download