c47ae427dc9ae9c8f5d9bcd19c02da056c550d9e876fcc8dbd907758719612ce

Analysis

max time kernel
14s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c01855d913b0c19e2565463ae1ac790N.exe
Size

1.3MB
MD5

6c01855d913b0c19e2565463ae1ac790
SHA1

6252f1a24d05a94c54a695d0d226e2c8d8cb35ba
SHA256

c47ae427dc9ae9c8f5d9bcd19c02da056c550d9e876fcc8dbd907758719612ce
SHA512

f3bb7de6055ee7716db188792cdf02363cc75fea1d3efafc79d3d77d040226da7450c378eaa5829209ab4e43da24548157ef76939eea9d9a2edc28e30d207131
SSDEEP

24576:oWVJDnpTGUJUUHxFlPPipv1nXHVOAp25Gwlu7kA0MWmkdl4gyuC2nULL7WyjZ/:V7jhJ3lK1nXIAp2kwlu7kA0wKl4gzC28

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6c01855d913b0c19e2565463ae1ac790N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6c01855d913b0c19e2565463ae1ac790N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\L:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\M:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\P:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\T:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\G:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\E:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\H:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\I:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\N:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\O:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\Q:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\U:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\A:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\Z:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\V:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\J:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\S:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\Y:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\B:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\W:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\X:	6c01855d913b0c19e2565463ae1ac790N.exe
File opened (read-only)	\??\R:	6c01855d913b0c19e2565463ae1ac790N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore catfight feet beautyfull .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\System32\DriverStore\Temp\hardcore hidden titts mature .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian fucking hidden glans latex .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian nude lingerie catfight hairy (Sandy,Liz).mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black gang bang fucking sleeping bedroom .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese nude lesbian public swallow .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian action fucking several models feet upskirt .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\hardcore catfight hole circumcision .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish porn fucking several models femdom .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black beastiality fucking lesbian (Curtney).zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian [milf] blondie .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\xxx hot (!) hole (Gina,Sylvia).zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lingerie [bangbus] traffic .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\blowjob several models .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake lesbian traffic .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\indian cum blowjob hidden boots .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\blowjob full movie cock wifey .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake masturbation mistress (Ashley,Tatjana).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files (x86)\Google\Temp\beast sleeping (Jade).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\blowjob masturbation (Liz).rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files\Common Files\microsoft shared\lingerie [milf] sm .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish animal xxx full movie latex .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\danish nude horse big castration .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\trambling hot (!) titts .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian nude gay public cock (Gina,Liz).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish handjob lingerie voyeur hole .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files\dotnet\shared\russian action bukkake [bangbus] penetration .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish action fucking hot (!) girly .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian horse sperm hidden hole ash .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\russian porn lingerie big cock sweet .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\fetish hardcore girls .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\canadian xxx full movie glans .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian nude lingerie big hole traffic (Jade).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\xxx licking .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\bukkake masturbation 50+ .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\kicking sperm public feet black hairunshaved (Curtney).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\cumshot trambling [free] titts (Britney,Curtney).mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\norwegian blowjob [milf] blondie .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\malaysia sperm public cock bondage .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\american gang bang trambling masturbation .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\Downloaded Program Files\indian gang bang gay hidden .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian kicking gay big wifey .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\black cumshot trambling public feet balls .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\black beastiality lingerie [bangbus] .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\italian porn lingerie big (Tatjana).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\action sperm voyeur glans (Kathrin,Janette).rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\malaysia horse public YEâPSè& .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\asian trambling hot (!) (Janette).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\brasilian cum bukkake catfight hairy .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\malaysia lingerie masturbation shower (Gina,Janette).zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\cumshot trambling masturbation glans balls (Karin).mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\french trambling catfight hole stockings (Sarah).zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\blowjob several models feet YEâPSè& .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\mssrv.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fucking full movie titts .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian handjob horse full movie cock .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\chinese trambling [milf] latex (Sonja,Liz).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\nude horse [bangbus] feet .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\assembly\temp\tyrkish cumshot lesbian girls titts .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\asian blowjob full movie glans balls (Tatjana).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\lingerie uncut high heels .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\black kicking horse catfight swallow .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\spanish gay public (Karin).mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian cumshot trambling sleeping .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\fetish hardcore big shoes .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\brasilian animal gay big feet latex (Samantha).mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\french xxx voyeur Ôï .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\japanese gang bang horse several models bedroom .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\lesbian uncut titts .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\cumshot bukkake voyeur glans femdom .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\british gay [milf] girly (Sonja,Janette).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\nude beast several models hole (Anniston,Jade).rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\russian handjob lesbian full movie feet shoes .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\InputMethod\SHARED\swedish gang bang sperm full movie beautyfull .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\hardcore [free] sweet (Ashley,Sylvia).mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\malaysia horse licking circumcision .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\bukkake full movie glans latex .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\PLA\Templates\swedish nude beast uncut feet shoes .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\kicking horse big glans hairy .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\trambling several models femdom (Sonja,Karin).mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\canadian horse licking feet high heels .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\french lesbian hot (!) cock 50+ .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish kicking horse full movie young .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\nude beast full movie boots .avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\spanish blowjob hot (!) titts boots .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\porn lesbian [bangbus] feet YEâPSè& .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\assembly\tmp\lingerie masturbation hole latex .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\black fetish sperm public .mpeg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\russian animal hardcore hot (!) glans sm (Samantha).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\gang bang lingerie hidden .zip.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\canadian trambling catfight titts .mpg.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\spanish horse full movie (Curtney).avi.exe	6c01855d913b0c19e2565463ae1ac790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\kicking beast masturbation lady .rar.exe	6c01855d913b0c19e2565463ae1ac790N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4576	6c01855d913b0c19e2565463ae1ac790N.exe
4576	6c01855d913b0c19e2565463ae1ac790N.exe
1864	6c01855d913b0c19e2565463ae1ac790N.exe
1864	6c01855d913b0c19e2565463ae1ac790N.exe
4576	6c01855d913b0c19e2565463ae1ac790N.exe
4576	6c01855d913b0c19e2565463ae1ac790N.exe
4968	6c01855d913b0c19e2565463ae1ac790N.exe
4968	6c01855d913b0c19e2565463ae1ac790N.exe
4988	6c01855d913b0c19e2565463ae1ac790N.exe
4988	6c01855d913b0c19e2565463ae1ac790N.exe
4576	6c01855d913b0c19e2565463ae1ac790N.exe
4576	6c01855d913b0c19e2565463ae1ac790N.exe
1864	6c01855d913b0c19e2565463ae1ac790N.exe
1864	6c01855d913b0c19e2565463ae1ac790N.exe
3516	6c01855d913b0c19e2565463ae1ac790N.exe
3516	6c01855d913b0c19e2565463ae1ac790N.exe
1328	6c01855d913b0c19e2565463ae1ac790N.exe
1328	6c01855d913b0c19e2565463ae1ac790N.exe
4968	6c01855d913b0c19e2565463ae1ac790N.exe
4968	6c01855d913b0c19e2565463ae1ac790N.exe
4576	6c01855d913b0c19e2565463ae1ac790N.exe
4576	6c01855d913b0c19e2565463ae1ac790N.exe
3848	6c01855d913b0c19e2565463ae1ac790N.exe
3848	6c01855d913b0c19e2565463ae1ac790N.exe
4144	6c01855d913b0c19e2565463ae1ac790N.exe
4144	6c01855d913b0c19e2565463ae1ac790N.exe
1864	6c01855d913b0c19e2565463ae1ac790N.exe
1864	6c01855d913b0c19e2565463ae1ac790N.exe
4988	6c01855d913b0c19e2565463ae1ac790N.exe
4988	6c01855d913b0c19e2565463ae1ac790N.exe
1232	6c01855d913b0c19e2565463ae1ac790N.exe
1232	6c01855d913b0c19e2565463ae1ac790N.exe
4248	6c01855d913b0c19e2565463ae1ac790N.exe
4248	6c01855d913b0c19e2565463ae1ac790N.exe
4968	6c01855d913b0c19e2565463ae1ac790N.exe
4968	6c01855d913b0c19e2565463ae1ac790N.exe
2288	6c01855d913b0c19e2565463ae1ac790N.exe
2288	6c01855d913b0c19e2565463ae1ac790N.exe
3516	6c01855d913b0c19e2565463ae1ac790N.exe
3516	6c01855d913b0c19e2565463ae1ac790N.exe
2284	6c01855d913b0c19e2565463ae1ac790N.exe
2284	6c01855d913b0c19e2565463ae1ac790N.exe
4576	6c01855d913b0c19e2565463ae1ac790N.exe
4576	6c01855d913b0c19e2565463ae1ac790N.exe
4872	6c01855d913b0c19e2565463ae1ac790N.exe
4872	6c01855d913b0c19e2565463ae1ac790N.exe
3628	6c01855d913b0c19e2565463ae1ac790N.exe
3628	6c01855d913b0c19e2565463ae1ac790N.exe
1328	6c01855d913b0c19e2565463ae1ac790N.exe
1328	6c01855d913b0c19e2565463ae1ac790N.exe
1864	6c01855d913b0c19e2565463ae1ac790N.exe
1864	6c01855d913b0c19e2565463ae1ac790N.exe
4988	6c01855d913b0c19e2565463ae1ac790N.exe
4988	6c01855d913b0c19e2565463ae1ac790N.exe
2260	6c01855d913b0c19e2565463ae1ac790N.exe
2260	6c01855d913b0c19e2565463ae1ac790N.exe
764	6c01855d913b0c19e2565463ae1ac790N.exe
764	6c01855d913b0c19e2565463ae1ac790N.exe
3848	6c01855d913b0c19e2565463ae1ac790N.exe
3848	6c01855d913b0c19e2565463ae1ac790N.exe
4144	6c01855d913b0c19e2565463ae1ac790N.exe
4144	6c01855d913b0c19e2565463ae1ac790N.exe
2004	6c01855d913b0c19e2565463ae1ac790N.exe
2004	6c01855d913b0c19e2565463ae1ac790N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 1864	4576	6c01855d913b0c19e2565463ae1ac790N.exe	88
PID 4576 wrote to memory of 1864	4576	6c01855d913b0c19e2565463ae1ac790N.exe	88
PID 4576 wrote to memory of 1864	4576	6c01855d913b0c19e2565463ae1ac790N.exe	88
PID 4576 wrote to memory of 4968	4576	6c01855d913b0c19e2565463ae1ac790N.exe	92
PID 4576 wrote to memory of 4968	4576	6c01855d913b0c19e2565463ae1ac790N.exe	92
PID 4576 wrote to memory of 4968	4576	6c01855d913b0c19e2565463ae1ac790N.exe	92
PID 1864 wrote to memory of 4988	1864	6c01855d913b0c19e2565463ae1ac790N.exe	94
PID 1864 wrote to memory of 4988	1864	6c01855d913b0c19e2565463ae1ac790N.exe	94
PID 1864 wrote to memory of 4988	1864	6c01855d913b0c19e2565463ae1ac790N.exe	94
PID 4968 wrote to memory of 3516	4968	6c01855d913b0c19e2565463ae1ac790N.exe	95
PID 4968 wrote to memory of 3516	4968	6c01855d913b0c19e2565463ae1ac790N.exe	95
PID 4968 wrote to memory of 3516	4968	6c01855d913b0c19e2565463ae1ac790N.exe	95
PID 4576 wrote to memory of 1328	4576	6c01855d913b0c19e2565463ae1ac790N.exe	96
PID 4576 wrote to memory of 1328	4576	6c01855d913b0c19e2565463ae1ac790N.exe	96
PID 4576 wrote to memory of 1328	4576	6c01855d913b0c19e2565463ae1ac790N.exe	96
PID 1864 wrote to memory of 3848	1864	6c01855d913b0c19e2565463ae1ac790N.exe	97
PID 1864 wrote to memory of 3848	1864	6c01855d913b0c19e2565463ae1ac790N.exe	97
PID 1864 wrote to memory of 3848	1864	6c01855d913b0c19e2565463ae1ac790N.exe	97
PID 4988 wrote to memory of 4144	4988	6c01855d913b0c19e2565463ae1ac790N.exe	98
PID 4988 wrote to memory of 4144	4988	6c01855d913b0c19e2565463ae1ac790N.exe	98
PID 4988 wrote to memory of 4144	4988	6c01855d913b0c19e2565463ae1ac790N.exe	98
PID 4968 wrote to memory of 1232	4968	6c01855d913b0c19e2565463ae1ac790N.exe	100
PID 4968 wrote to memory of 1232	4968	6c01855d913b0c19e2565463ae1ac790N.exe	100
PID 4968 wrote to memory of 1232	4968	6c01855d913b0c19e2565463ae1ac790N.exe	100
PID 3516 wrote to memory of 4248	3516	6c01855d913b0c19e2565463ae1ac790N.exe	101
PID 3516 wrote to memory of 4248	3516	6c01855d913b0c19e2565463ae1ac790N.exe	101
PID 3516 wrote to memory of 4248	3516	6c01855d913b0c19e2565463ae1ac790N.exe	101
PID 4576 wrote to memory of 2288	4576	6c01855d913b0c19e2565463ae1ac790N.exe	102
PID 4576 wrote to memory of 2288	4576	6c01855d913b0c19e2565463ae1ac790N.exe	102
PID 4576 wrote to memory of 2288	4576	6c01855d913b0c19e2565463ae1ac790N.exe	102
PID 1328 wrote to memory of 2284	1328	6c01855d913b0c19e2565463ae1ac790N.exe	103
PID 1328 wrote to memory of 2284	1328	6c01855d913b0c19e2565463ae1ac790N.exe	103
PID 1328 wrote to memory of 2284	1328	6c01855d913b0c19e2565463ae1ac790N.exe	103
PID 1864 wrote to memory of 4872	1864	6c01855d913b0c19e2565463ae1ac790N.exe	104
PID 1864 wrote to memory of 4872	1864	6c01855d913b0c19e2565463ae1ac790N.exe	104
PID 1864 wrote to memory of 4872	1864	6c01855d913b0c19e2565463ae1ac790N.exe	104
PID 4988 wrote to memory of 3628	4988	6c01855d913b0c19e2565463ae1ac790N.exe	105
PID 4988 wrote to memory of 3628	4988	6c01855d913b0c19e2565463ae1ac790N.exe	105
PID 4988 wrote to memory of 3628	4988	6c01855d913b0c19e2565463ae1ac790N.exe	105
PID 3848 wrote to memory of 2260	3848	6c01855d913b0c19e2565463ae1ac790N.exe	106
PID 3848 wrote to memory of 2260	3848	6c01855d913b0c19e2565463ae1ac790N.exe	106
PID 3848 wrote to memory of 2260	3848	6c01855d913b0c19e2565463ae1ac790N.exe	106
PID 4144 wrote to memory of 764	4144	6c01855d913b0c19e2565463ae1ac790N.exe	107
PID 4144 wrote to memory of 764	4144	6c01855d913b0c19e2565463ae1ac790N.exe	107
PID 4144 wrote to memory of 764	4144	6c01855d913b0c19e2565463ae1ac790N.exe	107
PID 4968 wrote to memory of 2004	4968	6c01855d913b0c19e2565463ae1ac790N.exe	109
PID 4968 wrote to memory of 2004	4968	6c01855d913b0c19e2565463ae1ac790N.exe	109
PID 4968 wrote to memory of 2004	4968	6c01855d913b0c19e2565463ae1ac790N.exe	109
PID 1232 wrote to memory of 2380	1232	6c01855d913b0c19e2565463ae1ac790N.exe	110
PID 1232 wrote to memory of 2380	1232	6c01855d913b0c19e2565463ae1ac790N.exe	110
PID 1232 wrote to memory of 2380	1232	6c01855d913b0c19e2565463ae1ac790N.exe	110
PID 3516 wrote to memory of 5052	3516	6c01855d913b0c19e2565463ae1ac790N.exe	111
PID 3516 wrote to memory of 5052	3516	6c01855d913b0c19e2565463ae1ac790N.exe	111
PID 3516 wrote to memory of 5052	3516	6c01855d913b0c19e2565463ae1ac790N.exe	111
PID 4576 wrote to memory of 4648	4576	6c01855d913b0c19e2565463ae1ac790N.exe	112
PID 4576 wrote to memory of 4648	4576	6c01855d913b0c19e2565463ae1ac790N.exe	112
PID 4576 wrote to memory of 4648	4576	6c01855d913b0c19e2565463ae1ac790N.exe	112
PID 4248 wrote to memory of 2092	4248	6c01855d913b0c19e2565463ae1ac790N.exe	113
PID 4248 wrote to memory of 2092	4248	6c01855d913b0c19e2565463ae1ac790N.exe	113
PID 4248 wrote to memory of 2092	4248	6c01855d913b0c19e2565463ae1ac790N.exe	113
PID 1328 wrote to memory of 552	1328	6c01855d913b0c19e2565463ae1ac790N.exe	114
PID 1328 wrote to memory of 552	1328	6c01855d913b0c19e2565463ae1ac790N.exe	114
PID 1328 wrote to memory of 552	1328	6c01855d913b0c19e2565463ae1ac790N.exe	114
PID 1864 wrote to memory of 1612	1864	6c01855d913b0c19e2565463ae1ac790N.exe	115

C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
"C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1864
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        9⤵
        
        PID:23896
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:21156
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:18744
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:18768
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:21188
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:21164
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:23880
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:19680
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:18824
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:18792
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:18940
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21084
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:20920
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:23824
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18784
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:21092
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:24016
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:23848
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:23872
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21024
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:18456
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21228
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18496
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21180
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18664
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18472
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18728
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:404
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10736
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13900
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:18776
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:18520
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:20000
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:21076
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:20976
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:18504
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21068
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:21404
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:18488
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:23760
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:21212
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21252
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:18832
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:21172
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:20936
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:21036
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:20928
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:20464
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:24700
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21116
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:19988
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:14984
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:18716
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:21220
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:21412
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:23816
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:20984
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:23904
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:21140
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:18440
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:17260
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:10928
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:14340
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:6580
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4968
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        8⤵
        
        PID:23888
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:18672
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:20904
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:23800
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:18512
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:21244
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        7⤵
        
        PID:23808
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21148
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21108
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14412
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21236
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:23864
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:20892
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:20912
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:23856
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:21432
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:20456
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:23912
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18480
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:21016
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21008
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21284
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:23784
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18536
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:20968
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:17396
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18592
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:21060
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:19068
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18752
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18420
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:21124
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:23768
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13940
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:18800
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:15000
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6952
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:18384
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:10976
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:14388
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:1204
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1328
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21424
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:24692
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:20992
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:21000
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        6⤵
        
        PID:23832
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:20952
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18136
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:14348
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:21196
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:19112
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13004
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:20960
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18816
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:21440
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13700
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:18736
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:18448
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:16404
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:10784
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:13608
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:21132
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:18808
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:18656
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:18640
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:21100
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:23776
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:10888
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:13716
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:19000
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  PID:4648
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:14320
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:21204
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:16360
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:20944
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:23840
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:14060
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:18648
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  PID:5288
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
      "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
      4⤵
      PID:23792
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:13296
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:18464
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  PID:6796
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:13988
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:18572
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  PID:7972
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:13112
- - C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
    3⤵
    PID:17596
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  PID:10744
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  PID:13624
- C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe
  "C:\Users\Admin\AppData\Local\Temp\6c01855d913b0c19e2565463ae1ac790N.exe"
  2⤵
  PID:18584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish animal xxx full movie latex .rar.exe

Filesize
1.1MB

MD5
2c9a8b8876e869622c365684295a5a25

SHA1
9573681163f12f2a58340c448735f02d710180ed

SHA256
482f8725a3ca0d8b97b29e4cba6f9941f627c75fc7bb4378b81d6fc3916cdea9

SHA512
d8985580bd3eacda6eae3bd4acbb5d5ee09358b6a03782bc992c783fe15c7317918b99c09dc6fc42040ee64d6e2347f72c0a5809ae38729549de5427da888e03

Download Submit
memory/552-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1328-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1612-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1864-88-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2004-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2148-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2260-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2284-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2288-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2380-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2468-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2588-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3516-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3628-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3720-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4048-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4248-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4560-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4576-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4648-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4872-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4988-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5080-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5164-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5192-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5200-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5208-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5224-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5232-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5240-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5256-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5264-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5272-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5280-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5288-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5296-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5304-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5312-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6112-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6128-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6224-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6240-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6300-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6308-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6336-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6428-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6556-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6628-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6640-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6656-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6664-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6672-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6684-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6692-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6720-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6724-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6736-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6796-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6804-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6900-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7136-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7368-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7376-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7384-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7400-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7876-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7884-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7900-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7924-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7932-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7940-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7956-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7964-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7972-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7980-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7988-310-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7996-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8004-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8012-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8020-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8028-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8036-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8084-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8092-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8108-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8124-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8148-318-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8156-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8164-320-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8188-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10712-322-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10720-321-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10728-323-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10792-324-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10912-326-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10992-325-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download