eaedcb237e2611b67d123443d556e4fa5a2b22d15f83f056763ba49095cae7f9

Analysis

max time kernel
23s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9055c4620af8fef19796837157a662c0N.exe
Size

416KB
MD5

9055c4620af8fef19796837157a662c0
SHA1

649cde719a6d1fd965fca6e1435aa7bbd5791a95
SHA256

eaedcb237e2611b67d123443d556e4fa5a2b22d15f83f056763ba49095cae7f9
SHA512

36ddf2238dd147dcdc68b275038780b1e47ef9b9badfff7aa3eaeac2d646894ebc7a10788fccb076b95ae819d19c24a4ab85ae484ff6d44f901ec57576eaed03
SSDEEP

12288:dXCNi9BWr9jIaz0u5++EEcAfJjcQGX2nka6s0:oWQGg0uYEFJjcQGX2k80

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9055c4620af8fef19796837157a662c0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\B:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\N:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\T:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\Z:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\G:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\H:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\J:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\L:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\Q:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\V:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\X:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\E:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\M:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\O:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\R:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\U:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\Y:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\I:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\K:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\P:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\S:	9055c4620af8fef19796837157a662c0N.exe
File opened (read-only)	\??\W:	9055c4620af8fef19796837157a662c0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\fetish handjob licking traffic .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\System32\DriverStore\Temp\british porn beast voyeur girly .mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese porn xxx lesbian shoes .zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\SysWOW64\IME\shared\lingerie sleeping high heels .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian porn public titts boots (Sarah,Sonja).avi.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian action xxx hidden ash wifey .mpg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american kicking voyeur feet hotel .mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\SysWOW64\IME\shared\canadian beastiality big titts beautyfull (Sylvia).rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fetish handjob several models hole boots .mpg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\canadian bukkake catfight .avi.exe	9055c4620af8fef19796837157a662c0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german hardcore hardcore big (Ashley,Ashley).avi.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files\Windows Journal\Templates\italian xxx lesbian .zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese gang bang nude public titts YEâPSè& .mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\trambling girls titts .mpg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\african beastiality action hot (!) .mpg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\chinese cum girls boobs penetration (Gina,Janette).zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files\DVD Maker\Shared\cumshot gang bang uncut .mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\british action full movie hole .mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Google\Temp\italian lesbian handjob girls lady .avi.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\cumshot hardcore licking vagina bondage .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\african cum lesbian titts bedroom .mpg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\hardcore xxx licking .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\fucking trambling sleeping hole .mpg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\trambling uncut glans sweet .zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american cumshot lesbian [free] boots .zip.exe	9055c4620af8fef19796837157a662c0N.exe

Drops file in Windows directory 33 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american gay [milf] hole shower (Tatjana,Liz).mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\beastiality gay big hotel .avi.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\norwegian gay horse [bangbus] circumcision .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\porn fucking lesbian .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\cum sperm catfight castration (Karin).avi.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\temp\chinese beastiality horse hidden .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\asian bukkake lesbian feet 50+ .zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\hardcore lesbian big .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\russian gay porn [milf] .mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese porn trambling full movie traffic .mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\SoftwareDistribution\Download\gang bang full movie leather .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fetish girls Ôë (Janette,Liz).rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\blowjob bukkake girls (Kathrin).mpg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\gang bang lesbian hot (!) feet girly (Britney,Sarah).zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black horse full movie castration .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\swedish lingerie gay public (Sandy).mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\german gang bang nude licking ejaculation (Ashley).mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\security\templates\american gay [free] sweet .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian action full movie .mpeg.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish bukkake uncut sm .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\mssrv.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\tmp\italian sperm xxx catfight balls .zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\PLA\Templates\horse cumshot masturbation leather .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\asian action lesbian hole sweet (Sandy).zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british xxx action masturbation .rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia beast kicking uncut black hairunshaved .avi.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\Downloaded Program Files\danish cum trambling masturbation 40+ .zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fucking [bangbus] (Gina,Sarah).zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish action kicking uncut wifey (Kathrin).rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\norwegian kicking fucking big boots .zip.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\fucking horse [free] (Curtney,Kathrin).avi.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse big feet black hairunshaved (Curtney).rar.exe	9055c4620af8fef19796837157a662c0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\russian cum [bangbus] .mpeg.exe	9055c4620af8fef19796837157a662c0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 42 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9055c4620af8fef19796837157a662c0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1072	9055c4620af8fef19796837157a662c0N.exe
2276	9055c4620af8fef19796837157a662c0N.exe
1072	9055c4620af8fef19796837157a662c0N.exe
2296	9055c4620af8fef19796837157a662c0N.exe
2780	9055c4620af8fef19796837157a662c0N.exe
1072	9055c4620af8fef19796837157a662c0N.exe
2276	9055c4620af8fef19796837157a662c0N.exe
2408	9055c4620af8fef19796837157a662c0N.exe
2680	9055c4620af8fef19796837157a662c0N.exe
1072	9055c4620af8fef19796837157a662c0N.exe
2296	9055c4620af8fef19796837157a662c0N.exe
2492	9055c4620af8fef19796837157a662c0N.exe
2276	9055c4620af8fef19796837157a662c0N.exe
2580	9055c4620af8fef19796837157a662c0N.exe
2780	9055c4620af8fef19796837157a662c0N.exe
3020	9055c4620af8fef19796837157a662c0N.exe
2296	9055c4620af8fef19796837157a662c0N.exe
1072	9055c4620af8fef19796837157a662c0N.exe
2680	9055c4620af8fef19796837157a662c0N.exe
3004	9055c4620af8fef19796837157a662c0N.exe
2492	9055c4620af8fef19796837157a662c0N.exe
2652	9055c4620af8fef19796837157a662c0N.exe
3040	9055c4620af8fef19796837157a662c0N.exe
2184	9055c4620af8fef19796837157a662c0N.exe
2276	9055c4620af8fef19796837157a662c0N.exe
2192	9055c4620af8fef19796837157a662c0N.exe
916	9055c4620af8fef19796837157a662c0N.exe
2408	9055c4620af8fef19796837157a662c0N.exe
2324	9055c4620af8fef19796837157a662c0N.exe
2780	9055c4620af8fef19796837157a662c0N.exe
2580	9055c4620af8fef19796837157a662c0N.exe
2464	9055c4620af8fef19796837157a662c0N.exe
2296	9055c4620af8fef19796837157a662c0N.exe
2224	9055c4620af8fef19796837157a662c0N.exe
3020	9055c4620af8fef19796837157a662c0N.exe
1072	9055c4620af8fef19796837157a662c0N.exe
2680	9055c4620af8fef19796837157a662c0N.exe
2096	9055c4620af8fef19796837157a662c0N.exe
2368	9055c4620af8fef19796837157a662c0N.exe
2428	9055c4620af8fef19796837157a662c0N.exe
2492	9055c4620af8fef19796837157a662c0N.exe
2204	9055c4620af8fef19796837157a662c0N.exe
1988	9055c4620af8fef19796837157a662c0N.exe
2276	9055c4620af8fef19796837157a662c0N.exe
2276	9055c4620af8fef19796837157a662c0N.exe
2208	9055c4620af8fef19796837157a662c0N.exe
2208	9055c4620af8fef19796837157a662c0N.exe
1724	9055c4620af8fef19796837157a662c0N.exe
1724	9055c4620af8fef19796837157a662c0N.exe
980	9055c4620af8fef19796837157a662c0N.exe
980	9055c4620af8fef19796837157a662c0N.exe
3004	9055c4620af8fef19796837157a662c0N.exe
3004	9055c4620af8fef19796837157a662c0N.exe
1380	9055c4620af8fef19796837157a662c0N.exe
1380	9055c4620af8fef19796837157a662c0N.exe
2652	9055c4620af8fef19796837157a662c0N.exe
2652	9055c4620af8fef19796837157a662c0N.exe
2344	9055c4620af8fef19796837157a662c0N.exe
2344	9055c4620af8fef19796837157a662c0N.exe
1688	9055c4620af8fef19796837157a662c0N.exe
1688	9055c4620af8fef19796837157a662c0N.exe
2184	9055c4620af8fef19796837157a662c0N.exe
2184	9055c4620af8fef19796837157a662c0N.exe
2408	9055c4620af8fef19796837157a662c0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 2276	1072	9055c4620af8fef19796837157a662c0N.exe	29
PID 1072 wrote to memory of 2276	1072	9055c4620af8fef19796837157a662c0N.exe	29
PID 1072 wrote to memory of 2276	1072	9055c4620af8fef19796837157a662c0N.exe	29
PID 1072 wrote to memory of 2276	1072	9055c4620af8fef19796837157a662c0N.exe	29
PID 1072 wrote to memory of 2296	1072	9055c4620af8fef19796837157a662c0N.exe	30
PID 1072 wrote to memory of 2296	1072	9055c4620af8fef19796837157a662c0N.exe	30
PID 1072 wrote to memory of 2296	1072	9055c4620af8fef19796837157a662c0N.exe	30
PID 1072 wrote to memory of 2296	1072	9055c4620af8fef19796837157a662c0N.exe	30
PID 2276 wrote to memory of 2780	2276	9055c4620af8fef19796837157a662c0N.exe	31
PID 2276 wrote to memory of 2780	2276	9055c4620af8fef19796837157a662c0N.exe	31
PID 2276 wrote to memory of 2780	2276	9055c4620af8fef19796837157a662c0N.exe	31
PID 2276 wrote to memory of 2780	2276	9055c4620af8fef19796837157a662c0N.exe	31
PID 1072 wrote to memory of 2408	1072	9055c4620af8fef19796837157a662c0N.exe	33
PID 1072 wrote to memory of 2408	1072	9055c4620af8fef19796837157a662c0N.exe	33
PID 1072 wrote to memory of 2408	1072	9055c4620af8fef19796837157a662c0N.exe	33
PID 1072 wrote to memory of 2408	1072	9055c4620af8fef19796837157a662c0N.exe	33
PID 2296 wrote to memory of 2680	2296	9055c4620af8fef19796837157a662c0N.exe	32
PID 2296 wrote to memory of 2680	2296	9055c4620af8fef19796837157a662c0N.exe	32
PID 2296 wrote to memory of 2680	2296	9055c4620af8fef19796837157a662c0N.exe	32
PID 2296 wrote to memory of 2680	2296	9055c4620af8fef19796837157a662c0N.exe	32
PID 2276 wrote to memory of 2492	2276	9055c4620af8fef19796837157a662c0N.exe	34
PID 2276 wrote to memory of 2492	2276	9055c4620af8fef19796837157a662c0N.exe	34
PID 2276 wrote to memory of 2492	2276	9055c4620af8fef19796837157a662c0N.exe	34
PID 2276 wrote to memory of 2492	2276	9055c4620af8fef19796837157a662c0N.exe	34
PID 2780 wrote to memory of 2580	2780	9055c4620af8fef19796837157a662c0N.exe	35
PID 2780 wrote to memory of 2580	2780	9055c4620af8fef19796837157a662c0N.exe	35
PID 2780 wrote to memory of 2580	2780	9055c4620af8fef19796837157a662c0N.exe	35
PID 2780 wrote to memory of 2580	2780	9055c4620af8fef19796837157a662c0N.exe	35
PID 2296 wrote to memory of 3004	2296	9055c4620af8fef19796837157a662c0N.exe	37
PID 2296 wrote to memory of 3004	2296	9055c4620af8fef19796837157a662c0N.exe	37
PID 2296 wrote to memory of 3004	2296	9055c4620af8fef19796837157a662c0N.exe	37
PID 2296 wrote to memory of 3004	2296	9055c4620af8fef19796837157a662c0N.exe	37
PID 1072 wrote to memory of 3020	1072	9055c4620af8fef19796837157a662c0N.exe	36
PID 1072 wrote to memory of 3020	1072	9055c4620af8fef19796837157a662c0N.exe	36
PID 1072 wrote to memory of 3020	1072	9055c4620af8fef19796837157a662c0N.exe	36
PID 1072 wrote to memory of 3020	1072	9055c4620af8fef19796837157a662c0N.exe	36
PID 2680 wrote to memory of 2652	2680	9055c4620af8fef19796837157a662c0N.exe	38
PID 2680 wrote to memory of 2652	2680	9055c4620af8fef19796837157a662c0N.exe	38
PID 2680 wrote to memory of 2652	2680	9055c4620af8fef19796837157a662c0N.exe	38
PID 2680 wrote to memory of 2652	2680	9055c4620af8fef19796837157a662c0N.exe	38
PID 2492 wrote to memory of 3040	2492	9055c4620af8fef19796837157a662c0N.exe	39
PID 2492 wrote to memory of 3040	2492	9055c4620af8fef19796837157a662c0N.exe	39
PID 2492 wrote to memory of 3040	2492	9055c4620af8fef19796837157a662c0N.exe	39
PID 2492 wrote to memory of 3040	2492	9055c4620af8fef19796837157a662c0N.exe	39
PID 2276 wrote to memory of 2184	2276	9055c4620af8fef19796837157a662c0N.exe	40
PID 2276 wrote to memory of 2184	2276	9055c4620af8fef19796837157a662c0N.exe	40
PID 2276 wrote to memory of 2184	2276	9055c4620af8fef19796837157a662c0N.exe	40
PID 2276 wrote to memory of 2184	2276	9055c4620af8fef19796837157a662c0N.exe	40
PID 2408 wrote to memory of 2192	2408	9055c4620af8fef19796837157a662c0N.exe	41
PID 2408 wrote to memory of 2192	2408	9055c4620af8fef19796837157a662c0N.exe	41
PID 2408 wrote to memory of 2192	2408	9055c4620af8fef19796837157a662c0N.exe	41
PID 2408 wrote to memory of 2192	2408	9055c4620af8fef19796837157a662c0N.exe	41
PID 2780 wrote to memory of 916	2780	9055c4620af8fef19796837157a662c0N.exe	42
PID 2780 wrote to memory of 916	2780	9055c4620af8fef19796837157a662c0N.exe	42
PID 2780 wrote to memory of 916	2780	9055c4620af8fef19796837157a662c0N.exe	42
PID 2780 wrote to memory of 916	2780	9055c4620af8fef19796837157a662c0N.exe	42
PID 2580 wrote to memory of 2324	2580	9055c4620af8fef19796837157a662c0N.exe	43
PID 2580 wrote to memory of 2324	2580	9055c4620af8fef19796837157a662c0N.exe	43
PID 2580 wrote to memory of 2324	2580	9055c4620af8fef19796837157a662c0N.exe	43
PID 2580 wrote to memory of 2324	2580	9055c4620af8fef19796837157a662c0N.exe	43
PID 2296 wrote to memory of 2464	2296	9055c4620af8fef19796837157a662c0N.exe	44
PID 2296 wrote to memory of 2464	2296	9055c4620af8fef19796837157a662c0N.exe	44
PID 2296 wrote to memory of 2464	2296	9055c4620af8fef19796837157a662c0N.exe	44
PID 2296 wrote to memory of 2464	2296	9055c4620af8fef19796837157a662c0N.exe	44

C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
"C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:10040
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:9536
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:11108
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:6064
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:9760
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:10072
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:4768
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:8428
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:11232
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        7⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:9604
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3460
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:9680
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:9984
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:11132
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:4236
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:6288
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:9596
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        6⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3768
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:980
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10912
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:10080
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:8560
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:3312
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:6088
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:10064
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:10000
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:10968
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:1876
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:4244
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:6312
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:9776
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:11000
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
      4⤵
      PID:6116
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:4628
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:6436
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:9768
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:5376
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:8412
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:3996
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  PID:3128
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:5188
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:8124
- - C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
    3⤵
    PID:10920
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  PID:4432
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  PID:6296
- C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9055c4620af8fef19796837157a662c0N.exe"
  2⤵
  PID:9852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\british action full movie hole .mpeg.exe

Filesize
701KB

MD5
381f6801aae7222eae7f81eaf8180654

SHA1
d6cd8db6a1b711bfc4f8c33d9db9a6e9b8f446ef

SHA256
c613a450d34d2d59063ba9cfdf5be2cc7ffbf627062194ed5518c1204191dc32

SHA512
55fd6efc9a72e767f2ee6749158b0ed32aa8056c1cedc0eaf47e8a9dfe0ccf4c2a446d1213a6bd3c81a2e908fbab202ca591510e914e32c3326735042c6d5062

Download Submit
memory/916-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/916-161-0x00000000047E0000-0x000000000480B000-memory.dmp

Filesize
172KB

Download
memory/980-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/980-153-0x0000000004800000-0x000000000482B000-memory.dmp

Filesize
172KB

Download
memory/1072-157-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1072-85-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1072-173-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1072-72-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1072-169-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1072-15-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1072-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1072-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1072-96-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1072-57-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1072-150-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1072-144-0x00000000047A0000-0x00000000047CB000-memory.dmp

Filesize
172KB

Download
memory/1080-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1380-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1592-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1688-182-0x0000000004A50000-0x0000000004A7B000-memory.dmp

Filesize
172KB

Download
memory/1724-146-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/1724-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1748-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1988-133-0x00000000044F0000-0x000000000451B000-memory.dmp

Filesize
172KB

Download
memory/1988-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2096-123-0x0000000004A50000-0x0000000004A7B000-memory.dmp

Filesize
172KB

Download
memory/2096-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2096-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2184-135-0x0000000004600000-0x000000000462B000-memory.dmp

Filesize
172KB

Download
memory/2184-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2192-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2192-156-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2204-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2204-128-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/2208-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2208-134-0x0000000001D80000-0x0000000001DAB000-memory.dmp

Filesize
172KB

Download
memory/2224-121-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/2224-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2224-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2276-90-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2276-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2276-126-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2276-109-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2276-16-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2296-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2296-86-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2296-58-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2296-158-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2296-166-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2296-116-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2304-189-0x00000000020E0000-0x000000000210B000-memory.dmp

Filesize
172KB

Download
memory/2324-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2324-114-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2324-163-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2344-177-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/2344-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2368-122-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/2368-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2368-186-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/2408-73-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2408-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2408-136-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2428-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2428-125-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2428-188-0x0000000004A80000-0x0000000004AAB000-memory.dmp

Filesize
172KB

Download
memory/2464-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2464-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2464-115-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2492-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2492-187-0x0000000000750000-0x000000000077B000-memory.dmp

Filesize
172KB

Download
memory/2492-124-0x0000000000750000-0x000000000077B000-memory.dmp

Filesize
172KB

Download
memory/2492-103-0x0000000000750000-0x000000000077B000-memory.dmp

Filesize
172KB

Download
memory/2492-179-0x0000000000750000-0x000000000077B000-memory.dmp

Filesize
172KB

Download
memory/2580-76-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2580-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2580-149-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2652-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2652-130-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/2680-175-0x0000000004950000-0x000000000497B000-memory.dmp

Filesize
172KB

Download
memory/2680-174-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2680-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2680-74-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2680-97-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2780-59-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2780-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3004-160-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3004-127-0x0000000004960000-0x000000000498B000-memory.dmp

Filesize
172KB

Download
memory/3004-88-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3020-87-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3020-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3020-117-0x0000000004800000-0x000000000482B000-memory.dmp

Filesize
172KB

Download
memory/3040-141-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/3040-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3040-89-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3344-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download