5c54bb2002a304b02c487190f48766df2ca4147ac1cd473d30a1a6d3d93a9a2a

Analysis

max time kernel
15s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91d843eda6d848bd07ef7e9809b5b470N.exe
Size

1.8MB
MD5

91d843eda6d848bd07ef7e9809b5b470
SHA1

8e142784c5ebaa3fb91681fcff3626acc30b7822
SHA256

5c54bb2002a304b02c487190f48766df2ca4147ac1cd473d30a1a6d3d93a9a2a
SHA512

5c6cb6b66fbd4e049722d05a75b03106b0513a368b8f20cba87a9e63e55f8f5dfcab8d18f1352f88daa613d641f34864040da3d48355cdee132115d7f5eded1a
SSDEEP

49152:xoDJmfNGmZZfGThHs4pkXfDFPCZhhcXpMWQK1DXuac07oV4:xxfNGmRfpCZhatQCXUQ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	91d843eda6d848bd07ef7e9809b5b470N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4440-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/files/0x00070000000234db-5.dat	upx
behavioral2/memory/3868-90-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3440-196-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4392-197-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4408-224-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/696-226-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2364-227-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4484-225-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1940-228-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/820-229-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2692-231-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2688-232-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4440-230-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3868-233-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5084-235-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3532-234-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1592-238-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/808-237-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3440-236-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2128-241-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4392-240-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1760-244-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4604-243-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3968-248-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/696-246-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4408-242-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/408-251-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2184-250-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1632-247-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4484-245-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1940-252-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2364-249-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2776-253-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2644-255-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/820-254-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1020-257-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2692-256-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/552-259-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2688-258-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/808-262-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3544-261-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2128-265-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1568-264-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1592-263-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5084-260-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3288-266-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2696-270-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1208-269-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1760-268-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4604-267-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5268-281-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5352-291-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5360-292-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5556-294-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2644-293-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5236-287-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5228-286-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5220-285-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2776-284-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5332-290-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5252-289-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5244-288-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5284-283-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	91d843eda6d848bd07ef7e9809b5b470N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\X:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\Z:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\P:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\U:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\V:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\W:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\J:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\K:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\L:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\O:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\S:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\B:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\E:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\I:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\M:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\R:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\T:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\Y:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\A:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\G:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\N:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\Q:	91d843eda6d848bd07ef7e9809b5b470N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\fetish public nipples shower .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\fucking porn full movie feet mistress (Christine).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\nude [free] legs .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\malaysia porn horse girls boobs .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\norwegian blowjob beast hot (!) shower (Samantha).mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\nude gay [milf] penetration .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\norwegian kicking gang bang [bangbus] .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french animal hot (!) .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian horse hot (!) penetration .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian fetish voyeur shower .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black xxx hardcore [bangbus] high heels .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\FxsTmp\porn several models nipples .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\beast hardcore full movie glans .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian kicking uncut bedroom .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cum [bangbus] nipples black hairunshaved .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\sperm lesbian licking swallow .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian kicking [bangbus] cock black hairunshaved .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\dotnet\shared\lingerie girls nipples young .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\malaysia blowjob sleeping hole .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\canadian fucking gay full movie sweet (Sonja,Jenna).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fucking lesbian .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\beast lesbian femdom .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\russian trambling several models .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Google\Temp\lingerie gang bang [milf] sm .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish hardcore [free] legs ash .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake full movie leather (Sonja).mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese blowjob horse hidden legs .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish kicking girls ash .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\sperm trambling catfight legs .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\security\templates\lesbian girls feet mature .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\brasilian bukkake girls .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\swedish cumshot masturbation shower (Jade,Jade).mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\cumshot handjob uncut sweet .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\swedish porn hot (!) vagina pregnant .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\blowjob animal lesbian bedroom .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\indian fetish cumshot [free] boobs girly .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\horse blowjob [milf] YEâPSè& .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\animal gang bang hidden nipples .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\german horse several models mistress .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\CbsTemp\american cumshot masturbation stockings (Melissa).mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\PLA\Templates\spanish bukkake catfight granny .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\blowjob full movie boots .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\nude xxx sleeping .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\handjob cum big girly (Gina,Sarah).mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\horse fucking [bangbus] (Sandy).mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\chinese beastiality bukkake [bangbus] .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\mssrv.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american lingerie fucking girls (Karin).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\spanish action animal girls sm .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\german animal nude masturbation nipples sweet (Anniston).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\swedish lesbian cum big 40+ .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\chinese handjob trambling full movie young (Janette,Janette).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\hardcore [milf] ash .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\kicking [milf] pregnant .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\russian gang bang gang bang uncut vagina .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\nude trambling girls legs granny (Liz).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\bukkake nude big .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\action beast lesbian .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\porn several models sm .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\brasilian kicking [bangbus] 50+ .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\tyrkish fucking hidden vagina .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\german horse [milf] stockings .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\fucking sleeping feet .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\action [milf] cock bedroom (Kathrin).mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\cum trambling licking .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fucking beastiality [free] boobs stockings .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\handjob nude masturbation fishy .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\cumshot lesbian .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\Downloaded Program Files\swedish lingerie kicking catfight feet .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\russian fucking catfight shoes .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\russian animal [free] hotel (Liz).mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\cum lingerie girls lady (Christine,Sarah).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\animal xxx [milf] penetration .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\spanish blowjob blowjob public 40+ (Sandy).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\horse gang bang public legs (Gina).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\lingerie gang bang girls fishy (Kathrin).zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\chinese lesbian public nipples femdom .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\german porn girls cock shower .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\american hardcore big blondie .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\danish hardcore masturbation feet black hairunshaved .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\action fetish hot (!) boots .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\gay fetish hidden circumcision .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\handjob hot (!) boots (Sonja).mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\indian bukkake uncut young (Karin).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\sperm uncut bondage (Anniston).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\british xxx hardcore lesbian glans sweet .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\horse nude big boobs granny .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fetish lesbian (Gina,Jade).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\xxx beast [free] balls .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\malaysia fetish blowjob masturbation beautyfull .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\brasilian cumshot horse sleeping (Ashley,Christine).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\german sperm porn public sm .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\african hardcore sleeping gorgeoushorny (Karin,Jenna).zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
3868	91d843eda6d848bd07ef7e9809b5b470N.exe
3868	91d843eda6d848bd07ef7e9809b5b470N.exe
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
3440	91d843eda6d848bd07ef7e9809b5b470N.exe
3440	91d843eda6d848bd07ef7e9809b5b470N.exe
4392	91d843eda6d848bd07ef7e9809b5b470N.exe
4392	91d843eda6d848bd07ef7e9809b5b470N.exe
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
3868	91d843eda6d848bd07ef7e9809b5b470N.exe
3868	91d843eda6d848bd07ef7e9809b5b470N.exe
4408	91d843eda6d848bd07ef7e9809b5b470N.exe
4408	91d843eda6d848bd07ef7e9809b5b470N.exe
4484	91d843eda6d848bd07ef7e9809b5b470N.exe
4484	91d843eda6d848bd07ef7e9809b5b470N.exe
696	91d843eda6d848bd07ef7e9809b5b470N.exe
696	91d843eda6d848bd07ef7e9809b5b470N.exe
2364	91d843eda6d848bd07ef7e9809b5b470N.exe
2364	91d843eda6d848bd07ef7e9809b5b470N.exe
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
4392	91d843eda6d848bd07ef7e9809b5b470N.exe
4392	91d843eda6d848bd07ef7e9809b5b470N.exe
3440	91d843eda6d848bd07ef7e9809b5b470N.exe
3440	91d843eda6d848bd07ef7e9809b5b470N.exe
3868	91d843eda6d848bd07ef7e9809b5b470N.exe
3868	91d843eda6d848bd07ef7e9809b5b470N.exe
1940	91d843eda6d848bd07ef7e9809b5b470N.exe
1940	91d843eda6d848bd07ef7e9809b5b470N.exe
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
820	91d843eda6d848bd07ef7e9809b5b470N.exe
820	91d843eda6d848bd07ef7e9809b5b470N.exe
4440	91d843eda6d848bd07ef7e9809b5b470N.exe
2692	91d843eda6d848bd07ef7e9809b5b470N.exe
2692	91d843eda6d848bd07ef7e9809b5b470N.exe
4392	91d843eda6d848bd07ef7e9809b5b470N.exe
4392	91d843eda6d848bd07ef7e9809b5b470N.exe
3440	91d843eda6d848bd07ef7e9809b5b470N.exe
2688	91d843eda6d848bd07ef7e9809b5b470N.exe
3440	91d843eda6d848bd07ef7e9809b5b470N.exe
2688	91d843eda6d848bd07ef7e9809b5b470N.exe
3532	91d843eda6d848bd07ef7e9809b5b470N.exe
3532	91d843eda6d848bd07ef7e9809b5b470N.exe
4408	91d843eda6d848bd07ef7e9809b5b470N.exe
3868	91d843eda6d848bd07ef7e9809b5b470N.exe
3868	91d843eda6d848bd07ef7e9809b5b470N.exe
4408	91d843eda6d848bd07ef7e9809b5b470N.exe
4484	91d843eda6d848bd07ef7e9809b5b470N.exe
4484	91d843eda6d848bd07ef7e9809b5b470N.exe
5084	91d843eda6d848bd07ef7e9809b5b470N.exe
5084	91d843eda6d848bd07ef7e9809b5b470N.exe
808	91d843eda6d848bd07ef7e9809b5b470N.exe
808	91d843eda6d848bd07ef7e9809b5b470N.exe
1592	91d843eda6d848bd07ef7e9809b5b470N.exe
1592	91d843eda6d848bd07ef7e9809b5b470N.exe
2364	91d843eda6d848bd07ef7e9809b5b470N.exe
2364	91d843eda6d848bd07ef7e9809b5b470N.exe
696	91d843eda6d848bd07ef7e9809b5b470N.exe
696	91d843eda6d848bd07ef7e9809b5b470N.exe
2128	91d843eda6d848bd07ef7e9809b5b470N.exe
2128	91d843eda6d848bd07ef7e9809b5b470N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 3868	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	87
PID 4440 wrote to memory of 3868	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	87
PID 4440 wrote to memory of 3868	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	87
PID 4440 wrote to memory of 3440	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	88
PID 4440 wrote to memory of 3440	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	88
PID 4440 wrote to memory of 3440	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	88
PID 3868 wrote to memory of 4392	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	89
PID 3868 wrote to memory of 4392	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	89
PID 3868 wrote to memory of 4392	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	89
PID 4440 wrote to memory of 4408	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	94
PID 4440 wrote to memory of 4408	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	94
PID 4440 wrote to memory of 4408	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	94
PID 4392 wrote to memory of 4484	4392	91d843eda6d848bd07ef7e9809b5b470N.exe	95
PID 4392 wrote to memory of 4484	4392	91d843eda6d848bd07ef7e9809b5b470N.exe	95
PID 4392 wrote to memory of 4484	4392	91d843eda6d848bd07ef7e9809b5b470N.exe	95
PID 3440 wrote to memory of 696	3440	91d843eda6d848bd07ef7e9809b5b470N.exe	96
PID 3440 wrote to memory of 696	3440	91d843eda6d848bd07ef7e9809b5b470N.exe	96
PID 3440 wrote to memory of 696	3440	91d843eda6d848bd07ef7e9809b5b470N.exe	96
PID 3868 wrote to memory of 2364	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	97
PID 3868 wrote to memory of 2364	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	97
PID 3868 wrote to memory of 2364	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	97
PID 4440 wrote to memory of 1940	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	98
PID 4440 wrote to memory of 1940	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	98
PID 4440 wrote to memory of 1940	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	98
PID 4392 wrote to memory of 820	4392	91d843eda6d848bd07ef7e9809b5b470N.exe	99
PID 4392 wrote to memory of 820	4392	91d843eda6d848bd07ef7e9809b5b470N.exe	99
PID 4392 wrote to memory of 820	4392	91d843eda6d848bd07ef7e9809b5b470N.exe	99
PID 3440 wrote to memory of 2692	3440	91d843eda6d848bd07ef7e9809b5b470N.exe	100
PID 3440 wrote to memory of 2692	3440	91d843eda6d848bd07ef7e9809b5b470N.exe	100
PID 3440 wrote to memory of 2692	3440	91d843eda6d848bd07ef7e9809b5b470N.exe	100
PID 4408 wrote to memory of 2688	4408	91d843eda6d848bd07ef7e9809b5b470N.exe	101
PID 4408 wrote to memory of 2688	4408	91d843eda6d848bd07ef7e9809b5b470N.exe	101
PID 4408 wrote to memory of 2688	4408	91d843eda6d848bd07ef7e9809b5b470N.exe	101
PID 3868 wrote to memory of 3532	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	102
PID 3868 wrote to memory of 3532	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	102
PID 3868 wrote to memory of 3532	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	102
PID 4484 wrote to memory of 5084	4484	91d843eda6d848bd07ef7e9809b5b470N.exe	103
PID 4484 wrote to memory of 5084	4484	91d843eda6d848bd07ef7e9809b5b470N.exe	103
PID 4484 wrote to memory of 5084	4484	91d843eda6d848bd07ef7e9809b5b470N.exe	103
PID 2364 wrote to memory of 808	2364	91d843eda6d848bd07ef7e9809b5b470N.exe	104
PID 2364 wrote to memory of 808	2364	91d843eda6d848bd07ef7e9809b5b470N.exe	104
PID 2364 wrote to memory of 808	2364	91d843eda6d848bd07ef7e9809b5b470N.exe	104
PID 696 wrote to memory of 1592	696	91d843eda6d848bd07ef7e9809b5b470N.exe	105
PID 696 wrote to memory of 1592	696	91d843eda6d848bd07ef7e9809b5b470N.exe	105
PID 696 wrote to memory of 1592	696	91d843eda6d848bd07ef7e9809b5b470N.exe	105
PID 4440 wrote to memory of 2128	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	107
PID 4440 wrote to memory of 2128	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	107
PID 4440 wrote to memory of 2128	4440	91d843eda6d848bd07ef7e9809b5b470N.exe	107
PID 1940 wrote to memory of 4604	1940	91d843eda6d848bd07ef7e9809b5b470N.exe	108
PID 1940 wrote to memory of 4604	1940	91d843eda6d848bd07ef7e9809b5b470N.exe	108
PID 1940 wrote to memory of 4604	1940	91d843eda6d848bd07ef7e9809b5b470N.exe	108
PID 4392 wrote to memory of 1760	4392	91d843eda6d848bd07ef7e9809b5b470N.exe	109
PID 4392 wrote to memory of 1760	4392	91d843eda6d848bd07ef7e9809b5b470N.exe	109
PID 4392 wrote to memory of 1760	4392	91d843eda6d848bd07ef7e9809b5b470N.exe	109
PID 3440 wrote to memory of 1632	3440	91d843eda6d848bd07ef7e9809b5b470N.exe	110
PID 3440 wrote to memory of 1632	3440	91d843eda6d848bd07ef7e9809b5b470N.exe	110
PID 3440 wrote to memory of 1632	3440	91d843eda6d848bd07ef7e9809b5b470N.exe	110
PID 4408 wrote to memory of 3968	4408	91d843eda6d848bd07ef7e9809b5b470N.exe	111
PID 4408 wrote to memory of 3968	4408	91d843eda6d848bd07ef7e9809b5b470N.exe	111
PID 4408 wrote to memory of 3968	4408	91d843eda6d848bd07ef7e9809b5b470N.exe	111
PID 3868 wrote to memory of 2184	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	112
PID 3868 wrote to memory of 2184	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	112
PID 3868 wrote to memory of 2184	3868	91d843eda6d848bd07ef7e9809b5b470N.exe	112
PID 820 wrote to memory of 2776	820	91d843eda6d848bd07ef7e9809b5b470N.exe	113

C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
"C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3868
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        9⤵
        
        PID:20004
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:22548
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:22312
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:20012
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:22600
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:20656
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:18876
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:22120
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:19924
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20432
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20320
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:18908
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20672
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:20616
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:22296
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:19648
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:23224
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:18496
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19028
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20264
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20680
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19908
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:18528
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19164
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:19916
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20728
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:23240
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:19616
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20296
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20232
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19440
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19300
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20248
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20028
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20440
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20168
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22352
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20400
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20056
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:22272
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20392
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19156
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19940
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19052
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19868
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20140
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19060
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:19108
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20784
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:22564
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20200
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:26976
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19308
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20224
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20688
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:21448
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:18656
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19172
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:23232
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22304
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22288
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19956
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:22540
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19632
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20208
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19132
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19988
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:18520
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20288
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20216
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19364
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:22588
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19076
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19488
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19448
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:23216
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19012
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19092
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20424
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20256
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19116
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19948
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:22224
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:22264
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20152
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:13960
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20664
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20376
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:22216
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19316
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20092
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:22208
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20384
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:18884
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:15240
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:20648
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3440
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:18892
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:22532
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:22344
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20076
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22280
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20696
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19148
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:19932
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:26944
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20044
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20712
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20132
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19324
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22328
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19972
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19480
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20368
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20624
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19036
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:18852
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19180
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20328
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20344
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19044
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20192
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16392
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22692
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22608
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20176
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20752
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22108
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19964
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:23644
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20184
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20416
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20280
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:18836
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:18844
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20036
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:22248
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:22256
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20768
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:22240
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:15820
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:7812
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20116
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20720
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20408
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19624
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:14856
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:20736
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4408
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:20064
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22580
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:16348
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:22320
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20108
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19496
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20312
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20760
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19100
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:26932
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19020
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20336
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20304
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19284
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:19640
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:22572
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:23248
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20448
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:22556
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20744
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19356
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:15052
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20640
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20160
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19276
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:21760
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20240
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:15232
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:20632
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20352
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:20704
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19068
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19996
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:22200
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:20100
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19140
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19608
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14840
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:19348
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20360
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:11508
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20124
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:14568
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:19084
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:19980
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:22232
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:18536
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20020
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:16028
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:19464
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:5276
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:20272
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:13088
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:14600
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:19124
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:6560
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:18900
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:14532
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:23196
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:8324
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:15900
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:22336
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:12108
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:18820
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:14800
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:19188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian kicking uncut bedroom .mpeg.exe

Filesize
1.3MB

MD5
e20f61e2bc858ac969fa76f94ff35b5b

SHA1
671ea71dd86d0bdf2e9ef89e192dbc302c300b87

SHA256
25d54039c06655ea33698b909f9a69e8f70712f20ca3c13a5c17711a0cad1749

SHA512
7e05387a246aebf5cdd9acdef26a248ae3052bb5c13ea2149ce0ff01b758ba065a699de575996684588749a1da80646b7818bb3f22cc81204d56f0309c12f28e

Download Submit
C:\debug.txt

Filesize
146B

MD5
b13be55cd27acfc1e83959408b267b18

SHA1
21288ebda71f326453c7ceff910a2a18c8c095e2

SHA256
993bcbe6a501b6dc6bf0c52d48c92a70ae29bd0ce72bbefa1929e230abc8559e

SHA512
a6bbd4ff113a794b120402b4e40c95245c771df84dbfd3bae882e3afde354335e5909705415e22b6bd3dbe28c1022bf3f29d2a75505833bbdbf89b4f601412fe

Download Submit
memory/408-251-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/408-277-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/552-259-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/552-309-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/696-246-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/696-226-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/808-237-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/808-262-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/820-229-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/820-254-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/996-308-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1020-295-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1020-257-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1208-269-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1320-299-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1568-264-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1568-318-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1592-263-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1592-238-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1632-274-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1632-247-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1760-268-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1760-244-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1940-228-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1940-252-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2128-241-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2128-265-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2176-298-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2184-250-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2184-276-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2364-227-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2364-249-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2644-255-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2644-293-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2688-258-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2688-232-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2692-256-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2692-231-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2696-270-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2776-253-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2776-284-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3288-266-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3440-236-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3440-196-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3532-234-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3544-311-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3544-261-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3868-233-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3868-90-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3968-248-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3968-275-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4392-197-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4392-240-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4408-242-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4408-224-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4440-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4440-230-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4484-245-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4484-225-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4604-243-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4604-267-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5084-235-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5084-260-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5124-297-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5196-278-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5204-279-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5220-285-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5228-286-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5236-287-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5244-288-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5252-289-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5260-280-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5268-281-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5276-282-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5284-283-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5296-310-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5300-300-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5332-290-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5352-291-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5360-292-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5372-301-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5380-312-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5384-302-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5392-303-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5400-304-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5556-294-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5616-305-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5624-306-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5632-307-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5756-313-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6140-296-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6544-319-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6552-320-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6560-321-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6568-322-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6576-323-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download