6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017

Analysis

max time kernel
16s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Size

2.0MB
MD5

a7a963f4baaefbdf9043e30d900b5b20
SHA1

3ff01b8455f3200d465869c3a5a2866f197f2a1d
SHA256

6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017
SHA512

d5ec31291f3dcd9ba328707509923540ca81ccfca8eb6405688fce8194d2a53649d0f00203d2a402f5d06f0a9e49bc8b190a1c693fe5eb91991d6db12eb0996d
SSDEEP

49152:VHSRQDhp0PQXAm3SwVQpp+xZXP2W1TrfDGyaGQbOD:iQTWuVJupQZuuLGy

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\E:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\M:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\O:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\Q:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\P:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\R:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\S:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\W:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\U:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\X:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\Z:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\I:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\J:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\K:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\L:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\A:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\B:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\G:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\H:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\N:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\V:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\Y:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\action beastiality catfight .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black beastiality animal hidden black hairunshaved .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\System32\DriverStore\Temp\italian fetish [bangbus] vagina wifey .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian horse porn big .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\IME\shared\nude [milf] cock castration .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\chinese porn handjob [milf] hairy .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\gay [bangbus] nipples castration (Ashley).zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Google\Temp\spanish fucking cumshot hot (!) penetration .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\nude horse hot (!) black hairunshaved .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\british gay uncut cock .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx full movie glans .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Google\Update\Download\american cum animal several models nipples balls .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\DVD Maker\Shared\indian cumshot hardcore several models .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\Windows Journal\Templates\sperm catfight nipples femdom (Anniston,Sylvia).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish cum fucking [free] pregnant .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\french kicking porn big .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian fetish full movie stockings .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\handjob sleeping (Christine,Melissa).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\cumshot big .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\tyrkish bukkake hot (!) hotel (Samantha).mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\xxx beast voyeur traffic .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish cumshot licking feet 40+ (Karin,Kathrin).mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\mssrv.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\german animal fucking voyeur penetration .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\hardcore trambling licking .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\PLA\Templates\beastiality public .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\french sperm several models .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\fucking public legs lady .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\temp\swedish action public .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\security\templates\italian gang bang lingerie masturbation (Sonja).mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\norwegian porn girls circumcision .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\handjob beast lesbian cock stockings .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse public .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\tmp\asian kicking gang bang girls bondage (Sonja).mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling hidden titts .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SoftwareDistribution\Download\fetish lesbian ash .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\indian blowjob [milf] .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\beast big shower .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\sperm full movie traffic .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\action big bondage .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling kicking [milf] .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish handjob masturbation .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian hardcore fetish sleeping black hairunshaved .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\kicking fetish hidden girly (Janette,Sandy).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\african lingerie fucking public .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\horse hot (!) .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\indian sperm lesbian catfight legs gorgeoushorny .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\action cumshot full movie vagina shower (Liz,Samantha).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\blowjob full movie .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian lesbian several models vagina castration .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\cum sleeping beautyfull .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\Downloaded Program Files\gay hot (!) legs mistress .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2300	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
108	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
912	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1156	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2960	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
108	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2300	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2844	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1948	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2372	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3008	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
912	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
648	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1124	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2192	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1156	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2532	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1464	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1280	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
936	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1600	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1552	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
876	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
876	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
108	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
108	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2300	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2300	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1960	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1960	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
912	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
912	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2960	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2960	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1512	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1512	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
740	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
740	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2448	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2448	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2492	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	30
PID 2772 wrote to memory of 2492	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	30
PID 2772 wrote to memory of 2492	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	30
PID 2772 wrote to memory of 2492	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	30
PID 2772 wrote to memory of 2288	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	31
PID 2772 wrote to memory of 2288	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	31
PID 2772 wrote to memory of 2288	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	31
PID 2772 wrote to memory of 2288	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	31
PID 2492 wrote to memory of 2404	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	32
PID 2492 wrote to memory of 2404	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	32
PID 2492 wrote to memory of 2404	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	32
PID 2492 wrote to memory of 2404	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	32
PID 2404 wrote to memory of 1996	2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	33
PID 2404 wrote to memory of 1996	2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	33
PID 2404 wrote to memory of 1996	2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	33
PID 2404 wrote to memory of 1996	2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	33
PID 2492 wrote to memory of 912	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	35
PID 2492 wrote to memory of 912	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	35
PID 2492 wrote to memory of 912	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	35
PID 2492 wrote to memory of 912	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	35
PID 2772 wrote to memory of 2300	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	36
PID 2772 wrote to memory of 2300	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	36
PID 2772 wrote to memory of 2300	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	36
PID 2772 wrote to memory of 2300	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	36
PID 2288 wrote to memory of 108	2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	34
PID 2288 wrote to memory of 108	2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	34
PID 2288 wrote to memory of 108	2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	34
PID 2288 wrote to memory of 108	2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	34
PID 1996 wrote to memory of 1156	1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	37
PID 1996 wrote to memory of 1156	1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	37
PID 1996 wrote to memory of 1156	1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	37
PID 1996 wrote to memory of 1156	1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	37
PID 2772 wrote to memory of 2960	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	38
PID 2772 wrote to memory of 2960	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	38
PID 2772 wrote to memory of 2960	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	38
PID 2772 wrote to memory of 2960	2772	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	38
PID 2404 wrote to memory of 2844	2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	41
PID 2404 wrote to memory of 2844	2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	41
PID 2404 wrote to memory of 2844	2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	41
PID 2404 wrote to memory of 2844	2404	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	41
PID 2288 wrote to memory of 2984	2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	40
PID 2288 wrote to memory of 2984	2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	40
PID 2288 wrote to memory of 2984	2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	40
PID 2288 wrote to memory of 2984	2288	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	40
PID 108 wrote to memory of 2372	108	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	43
PID 108 wrote to memory of 2372	108	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	43
PID 108 wrote to memory of 2372	108	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	43
PID 108 wrote to memory of 2372	108	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	43
PID 2492 wrote to memory of 3008	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	39
PID 2492 wrote to memory of 3008	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	39
PID 2492 wrote to memory of 3008	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	39
PID 2492 wrote to memory of 3008	2492	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	39
PID 2300 wrote to memory of 1948	2300	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	42
PID 2300 wrote to memory of 1948	2300	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	42
PID 2300 wrote to memory of 1948	2300	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	42
PID 2300 wrote to memory of 1948	2300	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	42
PID 912 wrote to memory of 648	912	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	44
PID 912 wrote to memory of 648	912	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	44
PID 912 wrote to memory of 648	912	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	44
PID 912 wrote to memory of 648	912	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	44
PID 1996 wrote to memory of 1124	1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	45
PID 1996 wrote to memory of 1124	1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	45
PID 1996 wrote to memory of 1124	1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	45
PID 1996 wrote to memory of 1124	1996	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	45

C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
"C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        9⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:364
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10500
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2040
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2256
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11076
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10884
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:936
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9964
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9176
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2272
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10304
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:7020
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:108
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7076
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9508
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7044
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9760
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:8104
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9948
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:7272
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10156
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8424
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10732
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10172
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:9500
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7112
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7012
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5172
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:9516
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6348
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7296
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:8144
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10700
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:9692
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11124
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9752
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10164
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:8848
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:8876
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7492
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11052
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:1732
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  PID:3212
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9652
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:9252
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  PID:4368
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:10296
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  PID:7212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\handjob sleeping (Christine,Melissa).mpeg.exe

Filesize
1.8MB

MD5
3757c067405b07f01474f00215add74d

SHA1
371f3c7f4d220b4af0c792663901ad70925299c3

SHA256
2f15dbd561b70e95b5dde1f1046c1f510bbd1ef1ebf95c3c692b497ca3b0f5b7

SHA512
ebf7cbd398847364e3df4c1e06c8fdb0729e41f19f9858041531f7fb3afb6e62a2e606570ca9ed695bece7273ca2a5b8d2d65dc24cee14889e059d10cbdd93f4

Download Submit
memory/108-75-0x0000000001F60000-0x0000000001F8B000-memory.dmp

Filesize
172KB

Download
memory/108-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/108-173-0x0000000004950000-0x000000000497B000-memory.dmp

Filesize
172KB

Download
memory/108-58-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/108-115-0x0000000004950000-0x000000000497B000-memory.dmp

Filesize
172KB

Download
memory/588-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/648-144-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/648-79-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/740-158-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/740-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/864-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/876-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/912-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/924-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/936-122-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/936-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1068-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1068-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1124-148-0x0000000004970000-0x000000000499B000-memory.dmp

Filesize
172KB

Download
memory/1124-169-0x0000000004970000-0x000000000499B000-memory.dmp

Filesize
172KB

Download
memory/1124-83-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1124-101-0x0000000004970000-0x000000000499B000-memory.dmp

Filesize
172KB

Download
memory/1124-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1156-106-0x0000000004500000-0x000000000452B000-memory.dmp

Filesize
172KB

Download
memory/1156-176-0x0000000004500000-0x000000000452B000-memory.dmp

Filesize
172KB

Download
memory/1156-71-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1156-139-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1280-180-0x0000000004510000-0x000000000453B000-memory.dmp

Filesize
172KB

Download
memory/1280-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1280-118-0x0000000004500000-0x000000000452B000-memory.dmp

Filesize
172KB

Download
memory/1464-170-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/1464-85-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1464-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1464-112-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/1512-156-0x00000000047E0000-0x000000000480B000-memory.dmp

Filesize
172KB

Download
memory/1512-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1552-138-0x00000000046D0000-0x00000000046FB000-memory.dmp

Filesize
172KB

Download
memory/1552-88-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1552-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1600-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1808-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1948-137-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/1948-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1948-80-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1960-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1960-147-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/1996-177-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/1996-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1996-82-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/1996-70-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/1996-107-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2192-102-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2192-84-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2208-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2288-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2288-52-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2300-175-0x0000000004940000-0x000000000496B000-memory.dmp

Filesize
172KB

Download
memory/2300-57-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2300-141-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2300-114-0x0000000004940000-0x000000000496B000-memory.dmp

Filesize
172KB

Download
memory/2300-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2300-73-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2372-77-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2404-86-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2404-110-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download
memory/2404-151-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2404-51-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2404-160-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download
memory/2404-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2448-162-0x0000000004A50000-0x0000000004A7B000-memory.dmp

Filesize
172KB

Download
memory/2448-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2492-50-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/2492-171-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2492-87-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2492-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2492-113-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2532-167-0x0000000004A80000-0x0000000004AAB000-memory.dmp

Filesize
172KB

Download
memory/2532-111-0x0000000004A80000-0x0000000004AAB000-memory.dmp

Filesize
172KB

Download
memory/2532-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2596-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2772-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2772-181-0x0000000004900000-0x000000000492B000-memory.dmp

Filesize
172KB

Download
memory/2772-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2772-109-0x0000000004900000-0x000000000492B000-memory.dmp

Filesize
172KB

Download
memory/2772-49-0x00000000048F0000-0x000000000491B000-memory.dmp

Filesize
172KB

Download
memory/2844-133-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2844-76-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2844-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2960-125-0x0000000004A80000-0x0000000004AAB000-memory.dmp

Filesize
172KB

Download
memory/2960-72-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2960-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2984-74-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2984-132-0x0000000004940000-0x000000000496B000-memory.dmp

Filesize
172KB

Download
memory/2984-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3008-78-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3008-100-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download