8c5dd2d2430e6730c3f8460544f25d0b58970d298958fc082bd12b764eacc806

Analysis

max time kernel
12s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

289cef8c58a9ee93044653521af992b0N.exe
Size

989KB
MD5

289cef8c58a9ee93044653521af992b0
SHA1

f9ce52da1b66e89eb3aeb2e6a7eb64f02ca16d3d
SHA256

8c5dd2d2430e6730c3f8460544f25d0b58970d298958fc082bd12b764eacc806
SHA512

a21ef94329882a75264a391ef2291014173dd4207fbeb6a50c6dc09cf7cd10062215497fd13f2074d55588c036eec2201b233ee6c383d94e7f41af806189973f
SSDEEP

24576:oWf5AAVt67YwWS3DQ2lzoIKKYxS2N7VOlgUy8rwIq:Vf5U7BWSM0zFuvNlOq

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	289cef8c58a9ee93044653521af992b0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	289cef8c58a9ee93044653521af992b0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\B:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\J:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\M:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\P:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\U:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\Z:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\K:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\R:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\T:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\W:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\X:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\E:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\O:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\Q:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\N:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\S:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\V:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\A:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\G:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\H:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\I:	289cef8c58a9ee93044653521af992b0N.exe
File opened (read-only)	\??\L:	289cef8c58a9ee93044653521af992b0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american gang bang trambling catfight .zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast masturbation cock young .avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\beast sleeping blondie .avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese gang bang gay lesbian .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish animal trambling lesbian 40+ .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese horse bukkake lesbian .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay voyeur granny .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\System32\DriverStore\Temp\horse hot (!) girly .rar.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian beastiality gay masturbation hairy .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\bukkake full movie ash .zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian gang bang gay [bangbus] pregnant .avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese handjob bukkake [milf] glans .zip.exe	289cef8c58a9ee93044653521af992b0N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\indian kicking blowjob [milf] (Sylvia).avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\horse public wifey .zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\tyrkish porn gay sleeping penetration .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files (x86)\Google\Temp\american kicking lesbian public cock (Sonja,Sylvia).avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\fucking sleeping fishy .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish cumshot gay public hole latex .zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\black handjob trambling catfight cock beautyfull (Karin).rar.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian horse horse masturbation high heels .zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\italian fetish xxx full movie cock .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\trambling sleeping .zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian beastiality lesbian voyeur young .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish action gay masturbation gorgeoushorny (Britney,Melissa).zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian gang bang trambling lesbian stockings .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\hardcore big gorgeoushorny .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\bukkake [milf] feet ash .rar.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\horse hot (!) .avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\american porn gay full movie glans girly (Janette).mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish handjob sperm hot (!) Ôï .rar.exe	289cef8c58a9ee93044653521af992b0N.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\InputMethod\SHARED\italian gang bang sperm public titts penetration (Tatjana).avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\canadian lesbian hot (!) hairy .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black action lesbian [bangbus] feet stockings .zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian porn gay uncut cock .avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\PLA\Templates\tyrkish horse lesbian catfight .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\bukkake sleeping hole ¼ë .avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american cumshot gay uncut wifey .rar.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish gang bang hardcore girls cock lady .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\tyrkish animal blowjob voyeur shoes .zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian handjob xxx big cock girly (Curtney).mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\swedish cum xxx hot (!) .avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black nude beast uncut cock blondie (Samantha).mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black cum xxx licking hairy (Christine,Sylvia).mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\assembly\temp\brasilian handjob trambling voyeur YEâPSè& (Sonja,Janette).mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\assembly\tmp\cum blowjob several models mistress .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black horse lesbian catfight glans (Sandy,Liz).zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\CbsTemp\american beastiality lingerie [free] sweet .zip.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese porn xxx sleeping pregnant .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\sperm several models glans .avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\mssrv.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SoftwareDistribution\Download\norwegian trambling public .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish animal gay big cock traffic .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\security\templates\tyrkish porn hardcore big hole Ôï .rar.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lingerie [free] glans upskirt .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\tyrkish handjob gay [bangbus] fishy .mpg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\bukkake public feet .mpeg.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\Downloaded Program Files\american handjob fucking sleeping feet femdom (Sylvia).avi.exe	289cef8c58a9ee93044653521af992b0N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\american beastiality horse full movie .rar.exe	289cef8c58a9ee93044653521af992b0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
4316	289cef8c58a9ee93044653521af992b0N.exe
4316	289cef8c58a9ee93044653521af992b0N.exe
2220	289cef8c58a9ee93044653521af992b0N.exe
2220	289cef8c58a9ee93044653521af992b0N.exe
4316	289cef8c58a9ee93044653521af992b0N.exe
4316	289cef8c58a9ee93044653521af992b0N.exe
3048	289cef8c58a9ee93044653521af992b0N.exe
3048	289cef8c58a9ee93044653521af992b0N.exe
4316	289cef8c58a9ee93044653521af992b0N.exe
4316	289cef8c58a9ee93044653521af992b0N.exe
3932	289cef8c58a9ee93044653521af992b0N.exe
3932	289cef8c58a9ee93044653521af992b0N.exe
2220	289cef8c58a9ee93044653521af992b0N.exe
2220	289cef8c58a9ee93044653521af992b0N.exe
4108	289cef8c58a9ee93044653521af992b0N.exe
4108	289cef8c58a9ee93044653521af992b0N.exe
4316	289cef8c58a9ee93044653521af992b0N.exe
4316	289cef8c58a9ee93044653521af992b0N.exe
2796	289cef8c58a9ee93044653521af992b0N.exe
2796	289cef8c58a9ee93044653521af992b0N.exe
3048	289cef8c58a9ee93044653521af992b0N.exe
3048	289cef8c58a9ee93044653521af992b0N.exe
4472	289cef8c58a9ee93044653521af992b0N.exe
4472	289cef8c58a9ee93044653521af992b0N.exe
2220	289cef8c58a9ee93044653521af992b0N.exe
2220	289cef8c58a9ee93044653521af992b0N.exe
3284	289cef8c58a9ee93044653521af992b0N.exe
3284	289cef8c58a9ee93044653521af992b0N.exe
3932	289cef8c58a9ee93044653521af992b0N.exe
3932	289cef8c58a9ee93044653521af992b0N.exe
1800	289cef8c58a9ee93044653521af992b0N.exe
1800	289cef8c58a9ee93044653521af992b0N.exe
3368	289cef8c58a9ee93044653521af992b0N.exe
3368	289cef8c58a9ee93044653521af992b0N.exe
4108	289cef8c58a9ee93044653521af992b0N.exe
4316	289cef8c58a9ee93044653521af992b0N.exe
4316	289cef8c58a9ee93044653521af992b0N.exe
4108	289cef8c58a9ee93044653521af992b0N.exe
1880	289cef8c58a9ee93044653521af992b0N.exe
1880	289cef8c58a9ee93044653521af992b0N.exe
3048	289cef8c58a9ee93044653521af992b0N.exe
3048	289cef8c58a9ee93044653521af992b0N.exe
4872	289cef8c58a9ee93044653521af992b0N.exe
4872	289cef8c58a9ee93044653521af992b0N.exe
4240	289cef8c58a9ee93044653521af992b0N.exe
4240	289cef8c58a9ee93044653521af992b0N.exe
2796	289cef8c58a9ee93044653521af992b0N.exe
2796	289cef8c58a9ee93044653521af992b0N.exe
2220	289cef8c58a9ee93044653521af992b0N.exe
2220	289cef8c58a9ee93044653521af992b0N.exe
864	289cef8c58a9ee93044653521af992b0N.exe
864	289cef8c58a9ee93044653521af992b0N.exe
1376	289cef8c58a9ee93044653521af992b0N.exe
1376	289cef8c58a9ee93044653521af992b0N.exe
3932	289cef8c58a9ee93044653521af992b0N.exe
3932	289cef8c58a9ee93044653521af992b0N.exe
4472	289cef8c58a9ee93044653521af992b0N.exe
4472	289cef8c58a9ee93044653521af992b0N.exe
2104	289cef8c58a9ee93044653521af992b0N.exe
2104	289cef8c58a9ee93044653521af992b0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 2220	4316	289cef8c58a9ee93044653521af992b0N.exe	85
PID 4316 wrote to memory of 2220	4316	289cef8c58a9ee93044653521af992b0N.exe	85
PID 4316 wrote to memory of 2220	4316	289cef8c58a9ee93044653521af992b0N.exe	85
PID 4316 wrote to memory of 3048	4316	289cef8c58a9ee93044653521af992b0N.exe	90
PID 4316 wrote to memory of 3048	4316	289cef8c58a9ee93044653521af992b0N.exe	90
PID 4316 wrote to memory of 3048	4316	289cef8c58a9ee93044653521af992b0N.exe	90
PID 2220 wrote to memory of 3932	2220	289cef8c58a9ee93044653521af992b0N.exe	91
PID 2220 wrote to memory of 3932	2220	289cef8c58a9ee93044653521af992b0N.exe	91
PID 2220 wrote to memory of 3932	2220	289cef8c58a9ee93044653521af992b0N.exe	91
PID 4316 wrote to memory of 4108	4316	289cef8c58a9ee93044653521af992b0N.exe	93
PID 4316 wrote to memory of 4108	4316	289cef8c58a9ee93044653521af992b0N.exe	93
PID 4316 wrote to memory of 4108	4316	289cef8c58a9ee93044653521af992b0N.exe	93
PID 3048 wrote to memory of 2796	3048	289cef8c58a9ee93044653521af992b0N.exe	94
PID 3048 wrote to memory of 2796	3048	289cef8c58a9ee93044653521af992b0N.exe	94
PID 3048 wrote to memory of 2796	3048	289cef8c58a9ee93044653521af992b0N.exe	94
PID 2220 wrote to memory of 4472	2220	289cef8c58a9ee93044653521af992b0N.exe	95
PID 2220 wrote to memory of 4472	2220	289cef8c58a9ee93044653521af992b0N.exe	95
PID 2220 wrote to memory of 4472	2220	289cef8c58a9ee93044653521af992b0N.exe	95
PID 3932 wrote to memory of 3284	3932	289cef8c58a9ee93044653521af992b0N.exe	96
PID 3932 wrote to memory of 3284	3932	289cef8c58a9ee93044653521af992b0N.exe	96
PID 3932 wrote to memory of 3284	3932	289cef8c58a9ee93044653521af992b0N.exe	96
PID 4108 wrote to memory of 1800	4108	289cef8c58a9ee93044653521af992b0N.exe	98
PID 4108 wrote to memory of 1800	4108	289cef8c58a9ee93044653521af992b0N.exe	98
PID 4108 wrote to memory of 1800	4108	289cef8c58a9ee93044653521af992b0N.exe	98
PID 4316 wrote to memory of 3368	4316	289cef8c58a9ee93044653521af992b0N.exe	99
PID 4316 wrote to memory of 3368	4316	289cef8c58a9ee93044653521af992b0N.exe	99
PID 4316 wrote to memory of 3368	4316	289cef8c58a9ee93044653521af992b0N.exe	99
PID 3048 wrote to memory of 1880	3048	289cef8c58a9ee93044653521af992b0N.exe	100
PID 3048 wrote to memory of 1880	3048	289cef8c58a9ee93044653521af992b0N.exe	100
PID 3048 wrote to memory of 1880	3048	289cef8c58a9ee93044653521af992b0N.exe	100
PID 2796 wrote to memory of 4872	2796	289cef8c58a9ee93044653521af992b0N.exe	101
PID 2796 wrote to memory of 4872	2796	289cef8c58a9ee93044653521af992b0N.exe	101
PID 2796 wrote to memory of 4872	2796	289cef8c58a9ee93044653521af992b0N.exe	101
PID 2220 wrote to memory of 4240	2220	289cef8c58a9ee93044653521af992b0N.exe	102
PID 2220 wrote to memory of 4240	2220	289cef8c58a9ee93044653521af992b0N.exe	102
PID 2220 wrote to memory of 4240	2220	289cef8c58a9ee93044653521af992b0N.exe	102
PID 3932 wrote to memory of 864	3932	289cef8c58a9ee93044653521af992b0N.exe	103
PID 3932 wrote to memory of 864	3932	289cef8c58a9ee93044653521af992b0N.exe	103
PID 3932 wrote to memory of 864	3932	289cef8c58a9ee93044653521af992b0N.exe	103
PID 4472 wrote to memory of 1376	4472	289cef8c58a9ee93044653521af992b0N.exe	104
PID 4472 wrote to memory of 1376	4472	289cef8c58a9ee93044653521af992b0N.exe	104
PID 4472 wrote to memory of 1376	4472	289cef8c58a9ee93044653521af992b0N.exe	104
PID 3284 wrote to memory of 2104	3284	289cef8c58a9ee93044653521af992b0N.exe	105
PID 3284 wrote to memory of 2104	3284	289cef8c58a9ee93044653521af992b0N.exe	105
PID 3284 wrote to memory of 2104	3284	289cef8c58a9ee93044653521af992b0N.exe	105
PID 4316 wrote to memory of 4248	4316	289cef8c58a9ee93044653521af992b0N.exe	107
PID 4316 wrote to memory of 4248	4316	289cef8c58a9ee93044653521af992b0N.exe	107
PID 4316 wrote to memory of 4248	4316	289cef8c58a9ee93044653521af992b0N.exe	107
PID 4108 wrote to memory of 1632	4108	289cef8c58a9ee93044653521af992b0N.exe	108
PID 4108 wrote to memory of 1632	4108	289cef8c58a9ee93044653521af992b0N.exe	108
PID 4108 wrote to memory of 1632	4108	289cef8c58a9ee93044653521af992b0N.exe	108
PID 1800 wrote to memory of 4192	1800	289cef8c58a9ee93044653521af992b0N.exe	109
PID 1800 wrote to memory of 4192	1800	289cef8c58a9ee93044653521af992b0N.exe	109
PID 1800 wrote to memory of 4192	1800	289cef8c58a9ee93044653521af992b0N.exe	109
PID 3048 wrote to memory of 1312	3048	289cef8c58a9ee93044653521af992b0N.exe	110
PID 3048 wrote to memory of 1312	3048	289cef8c58a9ee93044653521af992b0N.exe	110
PID 3048 wrote to memory of 1312	3048	289cef8c58a9ee93044653521af992b0N.exe	110
PID 3368 wrote to memory of 3480	3368	289cef8c58a9ee93044653521af992b0N.exe	111
PID 3368 wrote to memory of 3480	3368	289cef8c58a9ee93044653521af992b0N.exe	111
PID 3368 wrote to memory of 3480	3368	289cef8c58a9ee93044653521af992b0N.exe	111
PID 2796 wrote to memory of 4060	2796	289cef8c58a9ee93044653521af992b0N.exe	112
PID 2796 wrote to memory of 4060	2796	289cef8c58a9ee93044653521af992b0N.exe	112
PID 2796 wrote to memory of 4060	2796	289cef8c58a9ee93044653521af992b0N.exe	112
PID 2220 wrote to memory of 4444	2220	289cef8c58a9ee93044653521af992b0N.exe	113

C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
"C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        8⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        7⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        7⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11544
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11624
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11712
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11652
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11784
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11480
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11520
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:12476
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:7436
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:9740
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:11496
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:12180
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:10616
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11568
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11720
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:12204
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:6768
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:7516
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:9804
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:11560
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4108
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        6⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11704
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11744
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11728
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:6348
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:7580
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:9976
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:11284
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3368
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
        5⤵
        
        PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:9944
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11268
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:12264
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:6804
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:7428
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:10096
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:11640
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  PID:4248
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
      4⤵
      PID:11752
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:6428
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:7636
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:10020
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:11552
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  PID:5196
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:6900
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:7420
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:9788
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:11276
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  PID:6244
- - C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
    3⤵
    PID:11584
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  PID:7588
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  PID:9968
- C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\289cef8c58a9ee93044653521af992b0N.exe"
  2⤵
  PID:11760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian beastiality lesbian voyeur young .mpg.exe

Filesize
1.5MB

MD5
feb943829fbef48a9a3bfd2c06fad481

SHA1
15a826fa4a871a397fd1f8fc958931202d9f49d1

SHA256
52705038666a53a66517b3769f0cb60a302e79bc5875f3b074b41e16efda281c

SHA512
e2579aea69125eb8120f782bdfdcc0eba73cb6e3637b98a65d24db53d36f553eec68f45b8e086842819ae3006382adbd86e972209b15519d8326937595525cc5

Download Submit
memory/864-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1260-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1312-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1376-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1632-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2440-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3048-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3480-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3648-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3672-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4000-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4060-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4240-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4248-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4316-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4472-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4672-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4696-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5196-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5240-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5252-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5272-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5340-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5384-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5404-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5416-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5472-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5496-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5504-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5516-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5528-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5768-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5776-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5844-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5920-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5928-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6000-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6100-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6168-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6184-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6244-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6304-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6320-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6392-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6496-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6520-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6588-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6620-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6768-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6796-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6804-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6812-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6820-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6828-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6900-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7020-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7028-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7420-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7428-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7436-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7444-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7476-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7492-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7508-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7516-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7524-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7532-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7540-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7548-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7556-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7564-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7572-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7580-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7604-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7612-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7636-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7668-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7716-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7724-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8016-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8384-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8640-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8648-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8656-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8932-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8992-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9172-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9740-310-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9760-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9768-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9780-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9788-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9796-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9804-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9812-318-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9920-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download