c52426433d41ec53174953de268577b6f1e179767de3a01152936533ab008ab7

Analysis

max time kernel
9s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

118776b114d3fb8232e07fce421214b0N.exe
Size

2.0MB
MD5

118776b114d3fb8232e07fce421214b0
SHA1

174454039675e59d09b2538451afd3f1ec9b82a1
SHA256

c52426433d41ec53174953de268577b6f1e179767de3a01152936533ab008ab7
SHA512

da867a62edc0cb1caeef4fd3914fe634b8d303b2a2d6d6e0ccc11fbc79978e3fe2c8b623e7e2cc5cde376174508f06c13b0c172ee23e8ea208b7f699ea89d2d4
SSDEEP

49152:V41xsZgM/FkKCnMRhbL6su1MglBXSecjDUs8AtGtrEZAgok70bo:q1xutkdnMzijqgltSTjDH8AtGZEbv0M

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	118776b114d3fb8232e07fce421214b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	118776b114d3fb8232e07fce421214b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	118776b114d3fb8232e07fce421214b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	118776b114d3fb8232e07fce421214b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	118776b114d3fb8232e07fce421214b0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	118776b114d3fb8232e07fce421214b0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	118776b114d3fb8232e07fce421214b0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\K:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\R:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\P:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\S:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\W:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\A:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\E:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\G:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\O:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\Y:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\M:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\N:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\U:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\V:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\Q:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\T:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\X:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\Z:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\H:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\I:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\J:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\L:	118776b114d3fb8232e07fce421214b0N.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\japanese kicking trambling lesbian feet fishy .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish cumshot bukkake voyeur boots .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american beastiality horse masturbation hotel (Sonja,Tatjana).zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish animal horse [milf] (Karin).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black kicking bukkake [milf] cock ejaculation (Sarah).avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish action lesbian lesbian cock .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish horse trambling lesbian .rar.exe	118776b114d3fb8232e07fce421214b0N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\russian cumshot blowjob voyeur .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese kicking fucking uncut cock .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\dotnet\shared\fucking licking glans .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie sleeping cock .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish gang bang lingerie hot (!) .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\cum gay licking blondie .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\italian animal trambling [bangbus] fishy .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american animal lingerie hot (!) ejaculation .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\trambling full movie feet .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lingerie licking (Karin).zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast hidden glans bondage .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\japanese gang bang beast sleeping titts black hairunshaved .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian nude blowjob [free] lady .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish beastiality lingerie voyeur wifey .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lesbian girls cock bedroom .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lesbian hidden .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish kicking fucking uncut .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\indian porn beast several models .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\Downloaded Program Files\tyrkish cumshot trambling hot (!) (Tatjana).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\PLA\Templates\black animal fucking full movie .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\security\templates\russian action trambling big .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish handjob sperm several models circumcision (Gina,Janette).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish animal bukkake uncut glans ¤ç (Jade).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lingerie licking .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\trambling public feet .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish gang bang lesbian [bangbus] .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\mssrv.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\CbsTemp\japanese horse gay big .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\american porn xxx masturbation castration .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian cumshot lesbian girls titts latex .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\xxx public .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish gang bang gay sleeping feet bedroom .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\temp\lesbian girls .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\gay [bangbus] hotel (Kathrin,Karin).mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish handjob horse girls .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\trambling hidden redhair .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\tmp\fucking licking .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian horse blowjob girls (Liz).mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american cumshot horse [bangbus] bedroom .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian cumshot trambling hot (!) hole shoes (Melissa).zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\InputMethod\SHARED\tyrkish cum hardcore hot (!) .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beastiality xxx licking feet .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SoftwareDistribution\Download\indian fetish hardcore catfight .rar.exe	118776b114d3fb8232e07fce421214b0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2396	118776b114d3fb8232e07fce421214b0N.exe
2396	118776b114d3fb8232e07fce421214b0N.exe
2736	118776b114d3fb8232e07fce421214b0N.exe
2736	118776b114d3fb8232e07fce421214b0N.exe
2396	118776b114d3fb8232e07fce421214b0N.exe
2396	118776b114d3fb8232e07fce421214b0N.exe
5028	118776b114d3fb8232e07fce421214b0N.exe
5028	118776b114d3fb8232e07fce421214b0N.exe
3208	118776b114d3fb8232e07fce421214b0N.exe
3208	118776b114d3fb8232e07fce421214b0N.exe
2736	118776b114d3fb8232e07fce421214b0N.exe
2736	118776b114d3fb8232e07fce421214b0N.exe
2396	118776b114d3fb8232e07fce421214b0N.exe
2396	118776b114d3fb8232e07fce421214b0N.exe
2496	118776b114d3fb8232e07fce421214b0N.exe
2496	118776b114d3fb8232e07fce421214b0N.exe
3236	118776b114d3fb8232e07fce421214b0N.exe
3236	118776b114d3fb8232e07fce421214b0N.exe
2396	118776b114d3fb8232e07fce421214b0N.exe
2396	118776b114d3fb8232e07fce421214b0N.exe
2736	118776b114d3fb8232e07fce421214b0N.exe
2736	118776b114d3fb8232e07fce421214b0N.exe
4528	118776b114d3fb8232e07fce421214b0N.exe
4528	118776b114d3fb8232e07fce421214b0N.exe
5028	118776b114d3fb8232e07fce421214b0N.exe
5028	118776b114d3fb8232e07fce421214b0N.exe
4244	118776b114d3fb8232e07fce421214b0N.exe
4244	118776b114d3fb8232e07fce421214b0N.exe
3208	118776b114d3fb8232e07fce421214b0N.exe
3208	118776b114d3fb8232e07fce421214b0N.exe

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2736	2396	118776b114d3fb8232e07fce421214b0N.exe	87
PID 2396 wrote to memory of 2736	2396	118776b114d3fb8232e07fce421214b0N.exe	87
PID 2396 wrote to memory of 2736	2396	118776b114d3fb8232e07fce421214b0N.exe	87
PID 2736 wrote to memory of 5028	2736	118776b114d3fb8232e07fce421214b0N.exe	89
PID 2736 wrote to memory of 5028	2736	118776b114d3fb8232e07fce421214b0N.exe	89
PID 2736 wrote to memory of 5028	2736	118776b114d3fb8232e07fce421214b0N.exe	89
PID 2396 wrote to memory of 3208	2396	118776b114d3fb8232e07fce421214b0N.exe	90
PID 2396 wrote to memory of 3208	2396	118776b114d3fb8232e07fce421214b0N.exe	90
PID 2396 wrote to memory of 3208	2396	118776b114d3fb8232e07fce421214b0N.exe	90
PID 2736 wrote to memory of 2496	2736	118776b114d3fb8232e07fce421214b0N.exe	94
PID 2736 wrote to memory of 2496	2736	118776b114d3fb8232e07fce421214b0N.exe	94
PID 2736 wrote to memory of 2496	2736	118776b114d3fb8232e07fce421214b0N.exe	94
PID 2396 wrote to memory of 3236	2396	118776b114d3fb8232e07fce421214b0N.exe	95
PID 2396 wrote to memory of 3236	2396	118776b114d3fb8232e07fce421214b0N.exe	95
PID 2396 wrote to memory of 3236	2396	118776b114d3fb8232e07fce421214b0N.exe	95
PID 5028 wrote to memory of 4528	5028	118776b114d3fb8232e07fce421214b0N.exe	96
PID 5028 wrote to memory of 4528	5028	118776b114d3fb8232e07fce421214b0N.exe	96
PID 5028 wrote to memory of 4528	5028	118776b114d3fb8232e07fce421214b0N.exe	96
PID 3208 wrote to memory of 4244	3208	118776b114d3fb8232e07fce421214b0N.exe	97
PID 3208 wrote to memory of 4244	3208	118776b114d3fb8232e07fce421214b0N.exe	97
PID 3208 wrote to memory of 4244	3208	118776b114d3fb8232e07fce421214b0N.exe	97
PID 2396 wrote to memory of 3840	2396	118776b114d3fb8232e07fce421214b0N.exe	99
PID 2396 wrote to memory of 3840	2396	118776b114d3fb8232e07fce421214b0N.exe	99
PID 2396 wrote to memory of 3840	2396	118776b114d3fb8232e07fce421214b0N.exe	99
PID 2736 wrote to memory of 2572	2736	118776b114d3fb8232e07fce421214b0N.exe	100
PID 2736 wrote to memory of 2572	2736	118776b114d3fb8232e07fce421214b0N.exe	100
PID 2736 wrote to memory of 2572	2736	118776b114d3fb8232e07fce421214b0N.exe	100
PID 2496 wrote to memory of 4660	2496	118776b114d3fb8232e07fce421214b0N.exe	101
PID 2496 wrote to memory of 4660	2496	118776b114d3fb8232e07fce421214b0N.exe	101
PID 2496 wrote to memory of 4660	2496	118776b114d3fb8232e07fce421214b0N.exe	101
PID 3236 wrote to memory of 240	3236	118776b114d3fb8232e07fce421214b0N.exe	102
PID 3236 wrote to memory of 240	3236	118776b114d3fb8232e07fce421214b0N.exe	102
PID 3236 wrote to memory of 240	3236	118776b114d3fb8232e07fce421214b0N.exe	102
PID 5028 wrote to memory of 4828	5028	118776b114d3fb8232e07fce421214b0N.exe	103
PID 5028 wrote to memory of 4828	5028	118776b114d3fb8232e07fce421214b0N.exe	103
PID 5028 wrote to memory of 4828	5028	118776b114d3fb8232e07fce421214b0N.exe	103
PID 3208 wrote to memory of 5104	3208	118776b114d3fb8232e07fce421214b0N.exe	104
PID 3208 wrote to memory of 5104	3208	118776b114d3fb8232e07fce421214b0N.exe	104
PID 3208 wrote to memory of 5104	3208	118776b114d3fb8232e07fce421214b0N.exe	104

C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
"C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14952
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12100
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:11288
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13848
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:11500
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12340
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12532
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:11716
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:8396
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:11240
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:15524
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3208
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12796
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13684
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12540
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:13116
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:14876
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:11356
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:13540
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:9308
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:12516
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3236
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:240
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:15464
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:13624
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:14772
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:14436
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12552
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:8756
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:12116
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:3840
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12092
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14580
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12848
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:11400
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:8452
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:11508
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12140
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:14228
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:8716
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:12448
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:5364
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12888
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:9052
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:920
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:6452
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:11220
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:14696
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:8188
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:11060
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:15288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie sleeping cock .mpg.exe

Filesize
1.3MB

MD5
c1745c8132d7009151aacec105068caa

SHA1
1587f51826c4020ad41461c19678d6e4709a8b68

SHA256
35d49baeb1088b40ee84fbbc05f448607b7210c4b1584747df7035ce9d72b6e6

SHA512
4f068e813bfc457941387d5f59690cee465d4aa38afb736d2fbffda96b2dbd29ef85ef88449da32da9a1344f72be0dccc9d5cfe61983d7a17b2ced81a88f33ee

Download Submit
memory/240-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2080-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2248-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2396-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2396-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2496-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2572-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2736-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2736-13-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2932-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3108-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3208-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3236-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3236-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3412-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3760-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3840-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3840-322-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3920-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4244-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4244-320-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4364-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4444-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4528-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4528-318-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4660-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4716-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4828-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5028-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5028-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5032-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5104-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5148-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5188-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5364-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5372-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5516-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5528-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5576-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5684-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5692-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5724-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5836-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5856-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5864-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6036-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6100-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6108-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6216-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6264-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6452-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6504-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6620-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6644-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6712-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6720-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6744-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6752-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6936-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7020-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7120-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7208-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7368-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7492-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7592-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7600-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7660-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7688-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8188-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8236-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8244-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8320-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8396-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8404-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8452-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8500-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8520-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8648-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8716-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8816-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8944-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9052-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9140-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9148-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9308-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9356-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9388-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9436-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9488-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9536-310-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9668-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9676-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9768-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9916-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9984-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10036-321-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download