dbd5dbf43f051e764f98624eb203ae675924eecbd1461adfe38f913afdfc5db1

Analysis

max time kernel
9s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2024, 03:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4480b92adee565da9869ab220773f5b0N.exe
Size

745KB
MD5

4480b92adee565da9869ab220773f5b0
SHA1

86485d7a3d170cda9f166d2947127140ca2ab417
SHA256

dbd5dbf43f051e764f98624eb203ae675924eecbd1461adfe38f913afdfc5db1
SHA512

8b012b715390906aa87b044af99639f716bec42c69065315d76536b15521fd66daa2283e62ec9e03524a61d9e1a5ffa3056b44f8329848f2f71ba3566173c9a9
SSDEEP

12288:bPKL8qrRHroclNT9OdeHL7fR3RRcc3A7Aodmyc2px83LwKWqF2kJC5x:bSL3LoMHOdO7fRcX7MN2nlHqFrJkx

Score

7^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	4480b92adee565da9869ab220773f5b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	4480b92adee565da9869ab220773f5b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	4480b92adee565da9869ab220773f5b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	4480b92adee565da9869ab220773f5b0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3272-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x00110000000233cb-5.dat	upx
behavioral2/memory/5060-66-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2544-171-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2460-170-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/376-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3976-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4496-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1832-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3852-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3272-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4868-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/724-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3728-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5088-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5060-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2696-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2544-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2460-210-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/376-213-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4496-217-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1496-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1832-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5076-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3976-214-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2336-221-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4192-220-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4868-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3852-222-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2696-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3084-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1740-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3728-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1384-223-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1496-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5076-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2836-243-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3912-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2336-244-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2016-249-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4512-248-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1260-247-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1736-246-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1616-245-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1620-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2036-241-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4328-239-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1060-238-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4204-237-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2080-236-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1388-235-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1636-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4668-233-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5664-251-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5656-250-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5888-253-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5976-261-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5948-260-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5940-259-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5848-258-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6132-263-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5900-257-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3152-270-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6236-269-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4480b92adee565da9869ab220773f5b0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\M:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\N:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\X:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\Y:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\E:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\G:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\H:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\O:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\Q:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\R:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\U:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\V:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\Z:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\B:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\J:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\K:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\S:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\T:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\W:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\A:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\I:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\P:	4480b92adee565da9869ab220773f5b0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\italian animal kicking several models titts .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian horse hot (!) traffic .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese action beastiality hot (!) nipples .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\System32\DriverStore\Temp\fucking lesbian leather (Britney,Karin).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\action lingerie [milf] .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\beast hidden .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black trambling [milf] glans high heels .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\norwegian beast [free] boobs .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\spanish kicking lesbian (Kathrin).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\kicking several models boobs (Sylvia,Ashley).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fucking several models shower (Janette).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian bukkake bukkake full movie vagina .zip.exe	4480b92adee565da9869ab220773f5b0N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\chinese beastiality several models bedroom (Christine,Sarah).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\dotnet\shared\japanese beastiality girls hole .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish trambling big (Melissa,Samantha).zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian cum licking bondage .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\beastiality public cock .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\cum uncut sweet (Britney,Curtney).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\spanish sperm kicking full movie hole .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\japanese cumshot catfight .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian beast catfight .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\malaysia beastiality handjob hot (!) ash gorgeoushorny .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\african nude [free] wifey .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\german kicking [free] .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian cumshot horse big hole circumcision .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake public .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian cum hidden (Janette).rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\kicking porn [bangbus] mature .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\french beastiality cum sleeping glans ejaculation .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay licking nipples (Curtney,Jenna).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\hardcore public (Curtney,Christine).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\british bukkake horse hot (!) cock .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\norwegian horse cumshot public hole .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\cumshot public mistress .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\sperm trambling masturbation titts boots .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\british lingerie [bangbus] .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\tyrkish sperm lesbian catfight gorgeoushorny .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\tmp\black animal masturbation fishy .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\canadian blowjob porn hot (!) gorgeoushorny .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\african fetish sleeping nipples .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\lingerie animal catfight vagina mistress .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\animal animal sleeping bondage .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\cumshot licking (Jenna).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SoftwareDistribution\Download\brasilian porn xxx [milf] mistress .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\hardcore cum [free] vagina .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\brasilian handjob kicking hot (!) pregnant .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\asian beast beastiality [bangbus] sweet .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\PLA\Templates\danish horse licking (Karin).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian beast action girls .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\tyrkish hardcore licking shoes (Tatjana).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\tyrkish horse lesbian legs pregnant (Samantha,Jenna).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\canadian kicking beastiality licking gorgeoushorny .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\french bukkake big hairy .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\animal hot (!) .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\american hardcore xxx lesbian boobs (Sandy,Sylvia).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\japanese handjob big sm .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\gang bang nude lesbian 40+ .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish sperm voyeur feet high heels (Sylvia).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\InputMethod\SHARED\african bukkake trambling sleeping feet hairy (Karin,Sylvia).rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\american action beastiality hidden nipples (Sandy).rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\german trambling animal [bangbus] legs leather (Sylvia).rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\canadian sperm cumshot public redhair (Sandy,Sonja).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\american nude kicking [bangbus] .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\black gay catfight glans swallow .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\temp\german animal action full movie femdom (Liz).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\CbsTemp\black blowjob catfight .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\german blowjob several models hole .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\danish horse trambling public ejaculation .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\mssrv.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\lesbian public ash mistress .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\beast lingerie girls hole (Kathrin,Kathrin).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\fetish sleeping bedroom .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\sperm horse girls .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\animal beastiality [free] hole (Anniston).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\nude big 50+ .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\norwegian blowjob sleeping .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\brasilian porn blowjob lesbian granny .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\black trambling public YEâPSè& .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\spanish bukkake hot (!) feet (Anniston,Sylvia).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\blowjob full movie .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\french hardcore voyeur granny .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\asian gay horse big latex .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\action licking ash .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\porn animal hidden 50+ (Tatjana,Curtney).zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse bukkake sleeping traffic .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\swedish kicking several models legs penetration .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\nude action big ejaculation (Samantha,Jade).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\african fucking sleeping .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\cumshot uncut (Karin,Britney).rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\horse catfight granny (Liz).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\Downloaded Program Files\russian animal voyeur .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\security\templates\german trambling animal uncut blondie .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\canadian gay animal public .zip.exe	4480b92adee565da9869ab220773f5b0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
3272	4480b92adee565da9869ab220773f5b0N.exe
3272	4480b92adee565da9869ab220773f5b0N.exe
5060	4480b92adee565da9869ab220773f5b0N.exe
5060	4480b92adee565da9869ab220773f5b0N.exe
3272	4480b92adee565da9869ab220773f5b0N.exe
3272	4480b92adee565da9869ab220773f5b0N.exe
2460	4480b92adee565da9869ab220773f5b0N.exe
2460	4480b92adee565da9869ab220773f5b0N.exe
2544	4480b92adee565da9869ab220773f5b0N.exe
2544	4480b92adee565da9869ab220773f5b0N.exe
5060	4480b92adee565da9869ab220773f5b0N.exe
5060	4480b92adee565da9869ab220773f5b0N.exe
3272	4480b92adee565da9869ab220773f5b0N.exe
3272	4480b92adee565da9869ab220773f5b0N.exe
376	4480b92adee565da9869ab220773f5b0N.exe
376	4480b92adee565da9869ab220773f5b0N.exe
3976	4480b92adee565da9869ab220773f5b0N.exe
3976	4480b92adee565da9869ab220773f5b0N.exe
4496	4480b92adee565da9869ab220773f5b0N.exe
4496	4480b92adee565da9869ab220773f5b0N.exe
2460	4480b92adee565da9869ab220773f5b0N.exe
2460	4480b92adee565da9869ab220773f5b0N.exe
1832	4480b92adee565da9869ab220773f5b0N.exe
1832	4480b92adee565da9869ab220773f5b0N.exe
3272	4480b92adee565da9869ab220773f5b0N.exe
3272	4480b92adee565da9869ab220773f5b0N.exe
5060	4480b92adee565da9869ab220773f5b0N.exe
5060	4480b92adee565da9869ab220773f5b0N.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 5060	3272	4480b92adee565da9869ab220773f5b0N.exe	84
PID 3272 wrote to memory of 5060	3272	4480b92adee565da9869ab220773f5b0N.exe	84
PID 3272 wrote to memory of 5060	3272	4480b92adee565da9869ab220773f5b0N.exe	84
PID 5060 wrote to memory of 2460	5060	4480b92adee565da9869ab220773f5b0N.exe	86
PID 5060 wrote to memory of 2460	5060	4480b92adee565da9869ab220773f5b0N.exe	86
PID 5060 wrote to memory of 2460	5060	4480b92adee565da9869ab220773f5b0N.exe	86
PID 3272 wrote to memory of 2544	3272	4480b92adee565da9869ab220773f5b0N.exe	87
PID 3272 wrote to memory of 2544	3272	4480b92adee565da9869ab220773f5b0N.exe	87
PID 3272 wrote to memory of 2544	3272	4480b92adee565da9869ab220773f5b0N.exe	87
PID 2460 wrote to memory of 376	2460	4480b92adee565da9869ab220773f5b0N.exe	88
PID 2460 wrote to memory of 376	2460	4480b92adee565da9869ab220773f5b0N.exe	88
PID 2460 wrote to memory of 376	2460	4480b92adee565da9869ab220773f5b0N.exe	88
PID 3272 wrote to memory of 3976	3272	4480b92adee565da9869ab220773f5b0N.exe	89
PID 3272 wrote to memory of 3976	3272	4480b92adee565da9869ab220773f5b0N.exe	89
PID 3272 wrote to memory of 3976	3272	4480b92adee565da9869ab220773f5b0N.exe	89
PID 5060 wrote to memory of 4496	5060	4480b92adee565da9869ab220773f5b0N.exe	90
PID 5060 wrote to memory of 4496	5060	4480b92adee565da9869ab220773f5b0N.exe	90
PID 5060 wrote to memory of 4496	5060	4480b92adee565da9869ab220773f5b0N.exe	90
PID 2544 wrote to memory of 1832	2544	4480b92adee565da9869ab220773f5b0N.exe	91
PID 2544 wrote to memory of 1832	2544	4480b92adee565da9869ab220773f5b0N.exe	91
PID 2544 wrote to memory of 1832	2544	4480b92adee565da9869ab220773f5b0N.exe	91
PID 2460 wrote to memory of 4868	2460	4480b92adee565da9869ab220773f5b0N.exe	92
PID 2460 wrote to memory of 4868	2460	4480b92adee565da9869ab220773f5b0N.exe	92
PID 2460 wrote to memory of 4868	2460	4480b92adee565da9869ab220773f5b0N.exe	92
PID 5060 wrote to memory of 3852	5060	4480b92adee565da9869ab220773f5b0N.exe	93
PID 5060 wrote to memory of 3852	5060	4480b92adee565da9869ab220773f5b0N.exe	93
PID 5060 wrote to memory of 3852	5060	4480b92adee565da9869ab220773f5b0N.exe	93

C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
"C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5060
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:18436
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:18632
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:17464
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18712
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:19028
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:21676
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13780
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:19540
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18728
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18592
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:24428
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18396
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18484
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18704
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18460
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17784
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18576
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18652
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18540
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:24656
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17852
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17868
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18744
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18608
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17116
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18524
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18616
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13676
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:19532
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18444
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:19516
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:20732
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18752
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18476
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18696
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18688
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17732
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:19484
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:19812
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14028
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18364
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18556
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:21996
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18680
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17892
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17472
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17068
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:19476
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:24284
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13652
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17132
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:18380
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17496
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:21988
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:13956
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:17836
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18768
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:19800
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:18736
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:19020
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17180
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17828
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18980
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18548
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13740
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:19468
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18420
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13884
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17804
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:19460
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18640
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18568
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18996
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:24672
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18468
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:232
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13980
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17916
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18508
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:19492
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:23424
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:16600
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:19932
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13748
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17084
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:18532
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:19524
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:10368
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:16684
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:13932
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:17936
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:19500
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:18624
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:19508
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17156
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17456
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18452
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17740
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13828
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17164
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18388
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17448
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13684
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17148
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17440
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18428
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17416
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:18584
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:20000
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:10424
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:13940
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:17964
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:724
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13636
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:18492
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:19796
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:24664
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:18500
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17592
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:968
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:18672
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:13812
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:17424
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:1496
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17044
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:18720
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:20792
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:16744
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:13868
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:17060
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17480
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:23416
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:13788
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:17812
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:6220
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:14148
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:18516
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:7692
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:17532
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:10376
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:13924
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:17384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish trambling big (Melissa,Samantha).zip.exe

Filesize
1.2MB

MD5
66b13da75e2df5edfbbe645720e8f1bc

SHA1
767677094f39aa82483ccd53a6d64fe6844bd359

SHA256
e9a8727a597eccb9058008256ca17f3e6b1f0a4a8405736e8ff0da6d968bf832

SHA512
426b089c84f20fd68cb43d9afabc0a293fcd497bf706674119981b08b9999124bdeb7d098d1dca9dfe853486365186f5095d6d800b4182f6676e382bd57665fe

Download Submit
memory/376-213-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/376-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/724-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1060-279-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1060-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1260-294-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1260-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1384-223-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1388-276-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1388-235-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1496-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1496-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1616-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1620-283-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1620-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1636-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1636-275-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1736-293-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1736-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1740-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1832-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1832-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2016-296-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2016-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2036-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2036-282-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2080-277-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2080-236-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2288-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2336-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2336-221-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2460-170-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2460-210-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2544-171-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2544-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2696-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2696-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2836-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2836-284-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3084-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3152-270-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3272-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3272-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3728-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3728-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3852-222-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3852-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3912-281-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3912-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3976-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3976-214-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4192-220-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4204-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4204-237-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4328-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4328-280-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4456-304-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4496-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4496-217-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4512-295-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4512-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4668-233-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4868-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4868-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5060-66-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5060-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5076-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5076-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5088-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5656-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5656-298-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5664-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5664-299-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5692-303-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5692-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5848-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5888-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5900-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5940-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5948-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5976-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6132-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6172-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6180-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6188-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6196-271-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6204-272-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6212-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6220-273-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6228-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6236-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6356-305-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6980-297-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7132-300-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7140-301-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7148-302-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download