61ed2a4a98db304cdf82c92ac84457cafb3696c6c59a02e6f7a035df58f4e276

Analysis

max time kernel
12s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Size

888KB
MD5

5aa568bb5f6eab2c3eb4ec0fb2b7b890
SHA1

ef5c9f8c286e4467d4f5766d72cd4240bb493853
SHA256

61ed2a4a98db304cdf82c92ac84457cafb3696c6c59a02e6f7a035df58f4e276
SHA512

89be61eed35011a10340f252f58b15532348b794136c379a710b5292f97ef6191d9c70e0a67600ccca211c636007fe3a72c5b298e4f4068fbcb7a895008f144b
SSDEEP

24576:t24hPKBPBnFHXzZrlOfiIYtyl0aCHSHj/U1:Q40BnF3qKIYVBSD/o

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3928-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x00070000000234f1-5.dat	upx
behavioral2/memory/2376-42-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1264-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1876-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/316-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4328-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4584-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/552-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2940-241-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2032-244-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1464-245-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4136-243-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3928-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2376-246-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3872-247-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2164-248-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3928-249-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4328-251-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/316-250-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2856-254-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2124-253-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4584-252-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/552-255-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2208-256-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4860-258-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2940-257-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4572-259-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2032-262-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4136-261-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3484-260-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1464-263-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2416-264-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3024-267-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3512-265-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1520-268-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2164-266-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3264-271-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4688-270-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2000-269-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1140-273-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2856-272-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5180-283-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5172-282-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2208-277-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5188-284-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5160-281-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5252-285-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5152-280-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5128-279-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4860-278-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5204-289-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5196-288-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5140-287-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2968-286-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5008-294-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6080-296-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5408-301-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6148-303-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6288-308-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5520-302-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5512-300-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3024-299-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5396-298-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\J:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\L:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\Q:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\U:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\W:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\Z:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\E:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\I:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\K:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\N:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\H:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\T:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\V:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\P:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\R:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\S:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\X:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\A:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\B:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\M:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\O:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\Y:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\blowjob hidden feet ejaculation .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian kicking hardcore several models feet (Sandy,Jade).rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian fetish bukkake lesbian (Sylvia).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian nude bukkake uncut hole girly .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish cum sperm full movie (Sarah).rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\beast [free] glans .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian action lesbian catfight feet femdom .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\FxsTmp\norwegian lesbian [free] glans gorgeoushorny .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian fetish xxx licking .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese cumshot blowjob sleeping cock .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish nude horse several models mature (Sandy,Sylvia).rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian animal horse [milf] YEâPSè& .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\black porn hardcore [bangbus] glans (Sonja,Jade).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\hardcore [milf] .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Google\Update\Download\sperm uncut hairy .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fucking uncut hole (Jenna,Melissa).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\black horse blowjob big titts .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\hardcore voyeur glans .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8898.tmp\lesbian [free] high heels .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Common Files\microsoft shared\russian handjob bukkake [milf] cock beautyfull .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian nude blowjob hidden lady .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\horse hot (!) hole shoes .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\trambling [bangbus] shower .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian kicking bukkake uncut redhair (Jenna,Liz).zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish nude hardcore masturbation fishy .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\dotnet\shared\xxx catfight feet .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\japanese animal blowjob sleeping castration .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian animal beast big hole ejaculation .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Google\Temp\lingerie big .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\japanese horse horse licking feet traffic (Curtney).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian handjob hardcore hidden hole .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Downloaded Program Files\danish action lingerie lesbian glans high heels .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\blowjob catfight upskirt .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\swedish fetish fucking girls .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\xxx hot (!) (Karin).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\chinese horse big .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\fetish xxx full movie titts .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\african blowjob uncut cock high heels (Samantha).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\CbsTemp\indian horse bukkake licking feet young .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\malaysia hardcore hidden mistress .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\british sperm catfight femdom .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\swedish animal beast hot (!) balls .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian nude fucking several models .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american cum trambling voyeur sweet (Ashley,Karin).zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\canadian blowjob sleeping .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish kicking horse girls feet hotel (Sylvia).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\security\templates\russian cumshot hardcore licking 50+ .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\blowjob [milf] .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SoftwareDistribution\Download\lesbian sleeping girly .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\malaysia bukkake [bangbus] titts wifey (Sarah).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\british lesbian full movie swallow .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\british trambling big ash .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\brasilian action trambling several models feet ejaculation .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\temp\lesbian hidden circumcision .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\russian cum bukkake uncut .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\handjob xxx [bangbus] (Tatjana).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\nude beast catfight .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\chinese xxx licking hole (Gina,Liz).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\malaysia beast masturbation glans (Ashley,Karin).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\indian handjob sperm sleeping swallow .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\action fucking licking (Melissa).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\indian gang bang gay hidden cock 40+ (Sylvia).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\horse lingerie girls glans 40+ (Samantha).rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\animal horse hidden titts gorgeoushorny .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\malaysia blowjob several models blondie .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gay several models sm .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\tmp\italian cumshot hardcore hidden .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\sperm sleeping .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\italian horse fucking [milf] cock .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\hardcore full movie feet gorgeoushorny .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\nude fucking voyeur (Janette).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\horse horse sleeping .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\french trambling full movie titts ash .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\beast public cock boots (Samantha).rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\porn lesbian full movie .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\animal hardcore uncut high heels .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\porn gay girls feet sm .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\spanish beast public glans mature (Janette).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\bukkake sleeping glans .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\horse [milf] circumcision .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\danish cumshot bukkake full movie glans (Anniston,Janette).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\brasilian gang bang lesbian [bangbus] feet beautyfull .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\animal trambling [bangbus] cock hairy (Janette).rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\kicking fucking licking boots (Kathrin,Sarah).zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\swedish handjob sperm uncut traffic .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\sperm several models shower .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\fetish hardcore masturbation redhair .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese fetish lesbian uncut wifey .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\action bukkake licking blondie .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\italian nude trambling [free] glans ash .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\british lesbian uncut circumcision .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\german beast [free] femdom .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\tyrkish handjob hardcore lesbian .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\american horse lingerie public hole fishy .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\russian animal lesbian uncut (Karin).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4328	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4328	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4584	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4584	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2124	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2124	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
552	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
552	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2940	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2940	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4572	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4572	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4136	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4136	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2032	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2032	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1464	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1464	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4328	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4328	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3872	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3872	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2164	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2164	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4584	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
4584	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2124	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2124	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 2376	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	87
PID 3928 wrote to memory of 2376	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	87
PID 3928 wrote to memory of 2376	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	87
PID 3928 wrote to memory of 1876	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	88
PID 3928 wrote to memory of 1876	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	88
PID 3928 wrote to memory of 1876	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	88
PID 2376 wrote to memory of 1264	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	89
PID 2376 wrote to memory of 1264	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	89
PID 2376 wrote to memory of 1264	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	89
PID 3928 wrote to memory of 316	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	94
PID 3928 wrote to memory of 316	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	94
PID 3928 wrote to memory of 316	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	94
PID 2376 wrote to memory of 4328	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	95
PID 2376 wrote to memory of 4328	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	95
PID 2376 wrote to memory of 4328	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	95
PID 1264 wrote to memory of 4584	1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	96
PID 1264 wrote to memory of 4584	1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	96
PID 1264 wrote to memory of 4584	1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	96
PID 1876 wrote to memory of 2124	1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	97
PID 1876 wrote to memory of 2124	1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	97
PID 1876 wrote to memory of 2124	1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	97
PID 316 wrote to memory of 552	316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	98
PID 316 wrote to memory of 552	316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	98
PID 316 wrote to memory of 552	316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	98
PID 3928 wrote to memory of 2940	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	99
PID 3928 wrote to memory of 2940	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	99
PID 3928 wrote to memory of 2940	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	99
PID 2376 wrote to memory of 4572	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	100
PID 2376 wrote to memory of 4572	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	100
PID 2376 wrote to memory of 4572	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	100
PID 1876 wrote to memory of 4136	1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	101
PID 1876 wrote to memory of 4136	1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	101
PID 1876 wrote to memory of 4136	1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	101
PID 1264 wrote to memory of 2032	1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	102
PID 1264 wrote to memory of 2032	1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	102
PID 1264 wrote to memory of 2032	1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	102
PID 4328 wrote to memory of 1464	4328	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	103
PID 4328 wrote to memory of 1464	4328	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	103
PID 4328 wrote to memory of 1464	4328	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	103
PID 4584 wrote to memory of 3872	4584	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	104
PID 4584 wrote to memory of 3872	4584	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	104
PID 4584 wrote to memory of 3872	4584	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	104
PID 2124 wrote to memory of 2164	2124	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	105
PID 2124 wrote to memory of 2164	2124	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	105
PID 2124 wrote to memory of 2164	2124	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	105
PID 552 wrote to memory of 1520	552	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	107
PID 552 wrote to memory of 1520	552	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	107
PID 552 wrote to memory of 1520	552	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	107
PID 2376 wrote to memory of 2000	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	108
PID 2376 wrote to memory of 2000	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	108
PID 2376 wrote to memory of 2000	2376	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	108
PID 316 wrote to memory of 4688	316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	109
PID 316 wrote to memory of 4688	316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	109
PID 316 wrote to memory of 4688	316	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	109
PID 3928 wrote to memory of 2856	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	110
PID 3928 wrote to memory of 2856	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	110
PID 3928 wrote to memory of 2856	3928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	110
PID 2940 wrote to memory of 2208	2940	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	111
PID 2940 wrote to memory of 2208	2940	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	111
PID 2940 wrote to memory of 2208	2940	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	111
PID 1876 wrote to memory of 4860	1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	112
PID 1876 wrote to memory of 4860	1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	112
PID 1876 wrote to memory of 4860	1876	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	112
PID 1264 wrote to memory of 3484	1264	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	113

C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
"C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:23280
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:21092
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:23256
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:21028
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20000
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20600
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20504
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18588
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:23056
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19972
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:22116
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:22180
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:21004
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:16812
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20116
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20648
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19012
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:23248
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19768
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:22104
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18488
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:23240
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:22080
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:22400
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20768
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12976
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18416
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:22124
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:22132
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20016
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:21744
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:21012
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20084
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20640
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17920
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20024
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:21864
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19444
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:22140
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:23288
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:23448
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19880
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:568
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:21776
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20368
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19036
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17736
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:4192
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20664
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18636
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:21752
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:13816
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19336
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:20656
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17516
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6124
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:12896
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:18212
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1876
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19776
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:22268
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:21736
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:22452
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:23088
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20996
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19888
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17472
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:21712
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18620
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:23080
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19988
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17928
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:16564
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:164
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18424
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:21768
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19436
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:22048
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20616
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19096
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:22088
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:21928
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20284
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18220
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18604
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12304
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20632
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19536
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19848
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17496
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11668
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17336
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5300
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:12888
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:18228
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:316
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:23376
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:21068
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:21900
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20624
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19796
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17240
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20108
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18204
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18628
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:22096
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19980
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19896
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17864
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17204
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18364
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:12168
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:16992
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20912
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18612
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:21848
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:21920
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:21020
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17488
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11788
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:16484
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18008
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:12184
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:17148
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20608
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19464
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:21936
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:21760
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:14112
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:5280
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:5228
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18596
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:12256
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:17140
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:6544
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:11812
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:16472
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:8728
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:17068
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:12176
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:17084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian nude blowjob hidden lady .zip.exe

Filesize
178KB

MD5
0446a248834b8aa1b0ff0cca3091fd42

SHA1
059867f920ed743e78228dce3a2158124c091db6

SHA256
ef1aadb23b58c11cc36c379f770054523f113f73405283b104699601ad6db30d

SHA512
05d2667ddf4e24feeaa0fa6b604479b69c88ce799c711169586eb18c12b13275e5f63bd4771b1654bb5e0f8735f24f043dffcba1a9048865e494c72e87e519c3

Download Submit
memory/216-305-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/316-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/316-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/440-309-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/552-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/552-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1140-273-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1264-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1408-314-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1464-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1464-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1520-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1876-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2000-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2032-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2032-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2124-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2164-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2164-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2208-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2208-277-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2376-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2376-42-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2416-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2416-295-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2856-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2856-272-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2940-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2940-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2968-286-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3024-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3024-299-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3264-304-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3264-271-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3484-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3512-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3512-297-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3872-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3928-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3928-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3928-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3928-529-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3928-352-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4136-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4136-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4328-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4328-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4572-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4584-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4584-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4688-270-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4860-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4860-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5008-294-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5128-279-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5128-315-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5140-323-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5140-287-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5152-280-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5152-316-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5160-281-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5160-317-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5172-282-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5172-318-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5180-283-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5180-319-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5188-320-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5188-284-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5196-288-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5196-324-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5204-289-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5204-325-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5212-326-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5220-327-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5228-321-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5236-328-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5244-329-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5252-285-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5252-322-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5396-298-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5396-342-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5408-301-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5512-300-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5520-302-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6064-330-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6080-334-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6080-296-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6092-307-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6148-303-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6200-306-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6224-313-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6232-310-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6288-308-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6348-311-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6376-312-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6784-331-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6804-332-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6812-333-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6872-335-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download