d41fba6f0d7603532207eb6aa967cc5e4872e0bd59cbfd970ec64d0431d5ddcb

Analysis

max time kernel
11s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f06bae06ae48732f3873e7fc4aeb0960N.exe
Size

957KB
MD5

f06bae06ae48732f3873e7fc4aeb0960
SHA1

528ecbe77862852f082be47fd928dee1c77f6ba6
SHA256

d41fba6f0d7603532207eb6aa967cc5e4872e0bd59cbfd970ec64d0431d5ddcb
SHA512

087525390166cd6d73ce104d7ad7ce502a80a1f5ce45c0d8b3134903ff3e8116c654d3ac3ccf9a8c926300f190d52336f6c8a0cdbf4e3bbfcaa287887bffb40a
SSDEEP

12288:dXCNi9BM+DP92Sg7y89PMAOutetSA1JsyHOr0KyStfbJ28wFK3m8yH:oWl9Hgm89PZO4AvgTyStfU8zmXH

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	f06bae06ae48732f3873e7fc4aeb0960N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	f06bae06ae48732f3873e7fc4aeb0960N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\H:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\K:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\S:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\T:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\O:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\V:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\W:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\A:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\B:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\I:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\N:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\G:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\Y:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\P:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\Q:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\R:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\U:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\E:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\J:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\L:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\M:	f06bae06ae48732f3873e7fc4aeb0960N.exe
File opened (read-only)	\??\X:	f06bae06ae48732f3873e7fc4aeb0960N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm trambling [free] hairy .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\cum porn public (Liz,Sandy).zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian gang bang bukkake lesbian .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian fucking masturbation beautyfull .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish animal public glans ash .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\norwegian beast [milf] (Sandy).avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\french fetish public boobs swallow .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian gang bang catfight legs wifey .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish beast sleeping hotel .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black cumshot hot (!) young .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish bukkake [free] (Gina).rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SysWOW64\FxsTmp\action lingerie licking cock upskirt (Karin).zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian bukkake girls bedroom .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish handjob [bangbus] girly (Jade,Sonja).rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse porn hidden titts wifey (Sonja).avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files (x86)\Google\Temp\swedish kicking hidden boobs shower (Britney).mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay lesbian hot (!) hotel .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian beast handjob lesbian ash (Sonja).zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\russian handjob uncut 50+ .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\cumshot trambling big .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\porn horse hidden lady .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\trambling big cock .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\lingerie full movie castration .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files\Common Files\microsoft shared\fetish catfight feet traffic .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\beastiality girls .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files (x86)\Google\Update\Download\gay catfight balls .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese cum big .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files\dotnet\shared\african trambling gay licking .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\german blowjob kicking [free] castration .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\indian kicking several models sm .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\japanese porn public gorgeoushorny (Samantha).mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\fucking public .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\mssrv.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\french horse uncut blondie (Christine,Anniston).avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\assembly\tmp\russian kicking full movie balls .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\trambling sperm sleeping (Sylvia).mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\handjob lesbian girly .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\sperm horse [milf] (Tatjana).mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\handjob cumshot [bangbus] penetration .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\american porn beastiality catfight balls (Melissa).zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\british animal girls .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\british kicking blowjob licking cock .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\sperm gay licking balls (Sonja,Sonja).mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\assembly\temp\brasilian lingerie [bangbus] boobs bondage .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\PLA\Templates\swedish fucking gay voyeur .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\security\templates\canadian beastiality xxx [free] 40+ .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\cum girls pregnant .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\spanish xxx porn masturbation .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\british nude [bangbus] YEâPSè& (Jenna).mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\canadian horse trambling licking pregnant (Tatjana).avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\trambling masturbation boobs black hairunshaved .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\canadian beastiality [milf] .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\gang bang cum girls traffic .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\british lesbian several models nipples lady .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\Downloaded Program Files\kicking horse lesbian cock .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\spanish xxx [bangbus] femdom (Christine).avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\kicking bukkake big lady (Gina).mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\xxx several models swallow .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\german lesbian horse [milf] boobs shoes (Samantha).mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\horse blowjob public cock .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\malaysia hardcore masturbation nipples latex .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse several models shoes .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\chinese porn [milf] legs young .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\danish horse lingerie voyeur ejaculation .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\horse fetish hidden .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\animal licking titts .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\spanish cum uncut mistress .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\russian trambling kicking hot (!) .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\japanese kicking fucking big feet swallow .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\lingerie several models feet young .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\action cumshot girls cock .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\lingerie hidden bedroom .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\swedish nude blowjob big hotel .mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\gay nude public balls (Ashley,Jade).avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\trambling fucking licking (Tatjana).mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\chinese cumshot nude [bangbus] .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish trambling sleeping glans stockings .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish cumshot several models legs sweet .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\lingerie fetish girls boobs mature (Janette,Gina).mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\brasilian handjob sleeping .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\cum porn lesbian .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\InputMethod\SHARED\american gay gay sleeping bondage (Melissa,Gina).mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\action catfight .avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\fetish horse uncut gorgeoushorny .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\chinese gang bang [milf] .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\german hardcore lingerie [bangbus] cock (Kathrin).avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese gay [free] shoes .mpg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\american animal voyeur hole (Curtney).avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\horse cum licking cock blondie .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\chinese beastiality masturbation cock granny (Karin).mpeg.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\nude public sm .zip.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\beastiality fucking [milf] ash black hairunshaved (Ashley,Curtney).avi.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\bukkake full movie vagina boots .rar.exe	f06bae06ae48732f3873e7fc4aeb0960N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06bae06ae48732f3873e7fc4aeb0960N.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
1456	f06bae06ae48732f3873e7fc4aeb0960N.exe
1456	f06bae06ae48732f3873e7fc4aeb0960N.exe
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
5008	f06bae06ae48732f3873e7fc4aeb0960N.exe
5008	f06bae06ae48732f3873e7fc4aeb0960N.exe
3324	f06bae06ae48732f3873e7fc4aeb0960N.exe
3324	f06bae06ae48732f3873e7fc4aeb0960N.exe
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
1456	f06bae06ae48732f3873e7fc4aeb0960N.exe
1456	f06bae06ae48732f3873e7fc4aeb0960N.exe
4844	f06bae06ae48732f3873e7fc4aeb0960N.exe
4844	f06bae06ae48732f3873e7fc4aeb0960N.exe
4688	f06bae06ae48732f3873e7fc4aeb0960N.exe
4688	f06bae06ae48732f3873e7fc4aeb0960N.exe
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
3516	f06bae06ae48732f3873e7fc4aeb0960N.exe
3516	f06bae06ae48732f3873e7fc4aeb0960N.exe
5008	f06bae06ae48732f3873e7fc4aeb0960N.exe
5008	f06bae06ae48732f3873e7fc4aeb0960N.exe
4152	f06bae06ae48732f3873e7fc4aeb0960N.exe
4152	f06bae06ae48732f3873e7fc4aeb0960N.exe
1456	f06bae06ae48732f3873e7fc4aeb0960N.exe
1456	f06bae06ae48732f3873e7fc4aeb0960N.exe
3324	f06bae06ae48732f3873e7fc4aeb0960N.exe
3324	f06bae06ae48732f3873e7fc4aeb0960N.exe
3876	f06bae06ae48732f3873e7fc4aeb0960N.exe
3876	f06bae06ae48732f3873e7fc4aeb0960N.exe
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
4600	f06bae06ae48732f3873e7fc4aeb0960N.exe
312	f06bae06ae48732f3873e7fc4aeb0960N.exe
312	f06bae06ae48732f3873e7fc4aeb0960N.exe
5008	f06bae06ae48732f3873e7fc4aeb0960N.exe
5008	f06bae06ae48732f3873e7fc4aeb0960N.exe
2780	f06bae06ae48732f3873e7fc4aeb0960N.exe
2780	f06bae06ae48732f3873e7fc4aeb0960N.exe
2900	f06bae06ae48732f3873e7fc4aeb0960N.exe
2900	f06bae06ae48732f3873e7fc4aeb0960N.exe
4636	f06bae06ae48732f3873e7fc4aeb0960N.exe
1456	f06bae06ae48732f3873e7fc4aeb0960N.exe
1456	f06bae06ae48732f3873e7fc4aeb0960N.exe
3324	f06bae06ae48732f3873e7fc4aeb0960N.exe
3324	f06bae06ae48732f3873e7fc4aeb0960N.exe
4636	f06bae06ae48732f3873e7fc4aeb0960N.exe
3236	f06bae06ae48732f3873e7fc4aeb0960N.exe
3236	f06bae06ae48732f3873e7fc4aeb0960N.exe
4844	f06bae06ae48732f3873e7fc4aeb0960N.exe
4688	f06bae06ae48732f3873e7fc4aeb0960N.exe
4688	f06bae06ae48732f3873e7fc4aeb0960N.exe
4844	f06bae06ae48732f3873e7fc4aeb0960N.exe
3084	f06bae06ae48732f3873e7fc4aeb0960N.exe
3084	f06bae06ae48732f3873e7fc4aeb0960N.exe
2852	f06bae06ae48732f3873e7fc4aeb0960N.exe
2852	f06bae06ae48732f3873e7fc4aeb0960N.exe
3516	f06bae06ae48732f3873e7fc4aeb0960N.exe
3516	f06bae06ae48732f3873e7fc4aeb0960N.exe
4152	f06bae06ae48732f3873e7fc4aeb0960N.exe
4152	f06bae06ae48732f3873e7fc4aeb0960N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 1456	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	87
PID 4600 wrote to memory of 1456	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	87
PID 4600 wrote to memory of 1456	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	87
PID 4600 wrote to memory of 5008	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	92
PID 4600 wrote to memory of 5008	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	92
PID 4600 wrote to memory of 5008	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	92
PID 1456 wrote to memory of 3324	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	93
PID 1456 wrote to memory of 3324	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	93
PID 1456 wrote to memory of 3324	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	93
PID 4600 wrote to memory of 4844	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	94
PID 4600 wrote to memory of 4844	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	94
PID 4600 wrote to memory of 4844	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	94
PID 5008 wrote to memory of 4688	5008	f06bae06ae48732f3873e7fc4aeb0960N.exe	95
PID 5008 wrote to memory of 4688	5008	f06bae06ae48732f3873e7fc4aeb0960N.exe	95
PID 5008 wrote to memory of 4688	5008	f06bae06ae48732f3873e7fc4aeb0960N.exe	95
PID 1456 wrote to memory of 3516	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	96
PID 1456 wrote to memory of 3516	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	96
PID 1456 wrote to memory of 3516	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	96
PID 3324 wrote to memory of 4152	3324	f06bae06ae48732f3873e7fc4aeb0960N.exe	97
PID 3324 wrote to memory of 4152	3324	f06bae06ae48732f3873e7fc4aeb0960N.exe	97
PID 3324 wrote to memory of 4152	3324	f06bae06ae48732f3873e7fc4aeb0960N.exe	97
PID 4600 wrote to memory of 3876	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	99
PID 4600 wrote to memory of 3876	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	99
PID 4600 wrote to memory of 3876	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	99
PID 5008 wrote to memory of 312	5008	f06bae06ae48732f3873e7fc4aeb0960N.exe	100
PID 5008 wrote to memory of 312	5008	f06bae06ae48732f3873e7fc4aeb0960N.exe	100
PID 5008 wrote to memory of 312	5008	f06bae06ae48732f3873e7fc4aeb0960N.exe	100
PID 1456 wrote to memory of 2900	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	101
PID 1456 wrote to memory of 2900	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	101
PID 1456 wrote to memory of 2900	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	101
PID 3324 wrote to memory of 3236	3324	f06bae06ae48732f3873e7fc4aeb0960N.exe	102
PID 3324 wrote to memory of 3236	3324	f06bae06ae48732f3873e7fc4aeb0960N.exe	102
PID 3324 wrote to memory of 3236	3324	f06bae06ae48732f3873e7fc4aeb0960N.exe	102
PID 4688 wrote to memory of 2780	4688	f06bae06ae48732f3873e7fc4aeb0960N.exe	103
PID 4688 wrote to memory of 2780	4688	f06bae06ae48732f3873e7fc4aeb0960N.exe	103
PID 4688 wrote to memory of 2780	4688	f06bae06ae48732f3873e7fc4aeb0960N.exe	103
PID 4844 wrote to memory of 4636	4844	f06bae06ae48732f3873e7fc4aeb0960N.exe	104
PID 4844 wrote to memory of 4636	4844	f06bae06ae48732f3873e7fc4aeb0960N.exe	104
PID 4844 wrote to memory of 4636	4844	f06bae06ae48732f3873e7fc4aeb0960N.exe	104
PID 3516 wrote to memory of 3084	3516	f06bae06ae48732f3873e7fc4aeb0960N.exe	105
PID 3516 wrote to memory of 3084	3516	f06bae06ae48732f3873e7fc4aeb0960N.exe	105
PID 3516 wrote to memory of 3084	3516	f06bae06ae48732f3873e7fc4aeb0960N.exe	105
PID 4152 wrote to memory of 2852	4152	f06bae06ae48732f3873e7fc4aeb0960N.exe	106
PID 4152 wrote to memory of 2852	4152	f06bae06ae48732f3873e7fc4aeb0960N.exe	106
PID 4152 wrote to memory of 2852	4152	f06bae06ae48732f3873e7fc4aeb0960N.exe	106
PID 4600 wrote to memory of 4180	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	108
PID 4600 wrote to memory of 4180	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	108
PID 4600 wrote to memory of 4180	4600	f06bae06ae48732f3873e7fc4aeb0960N.exe	108
PID 5008 wrote to memory of 4048	5008	f06bae06ae48732f3873e7fc4aeb0960N.exe	109
PID 5008 wrote to memory of 4048	5008	f06bae06ae48732f3873e7fc4aeb0960N.exe	109
PID 5008 wrote to memory of 4048	5008	f06bae06ae48732f3873e7fc4aeb0960N.exe	109
PID 3876 wrote to memory of 4572	3876	f06bae06ae48732f3873e7fc4aeb0960N.exe	110
PID 3876 wrote to memory of 4572	3876	f06bae06ae48732f3873e7fc4aeb0960N.exe	110
PID 3876 wrote to memory of 4572	3876	f06bae06ae48732f3873e7fc4aeb0960N.exe	110
PID 312 wrote to memory of 4400	312	f06bae06ae48732f3873e7fc4aeb0960N.exe	111
PID 312 wrote to memory of 4400	312	f06bae06ae48732f3873e7fc4aeb0960N.exe	111
PID 312 wrote to memory of 4400	312	f06bae06ae48732f3873e7fc4aeb0960N.exe	111
PID 3324 wrote to memory of 4512	3324	f06bae06ae48732f3873e7fc4aeb0960N.exe	112
PID 3324 wrote to memory of 4512	3324	f06bae06ae48732f3873e7fc4aeb0960N.exe	112
PID 3324 wrote to memory of 4512	3324	f06bae06ae48732f3873e7fc4aeb0960N.exe	112
PID 1456 wrote to memory of 2016	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	113
PID 1456 wrote to memory of 2016	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	113
PID 1456 wrote to memory of 2016	1456	f06bae06ae48732f3873e7fc4aeb0960N.exe	113
PID 4844 wrote to memory of 2380	4844	f06bae06ae48732f3873e7fc4aeb0960N.exe	114

C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
"C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1456
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:21956
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:20960
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:20260
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:22132
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:21300
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:21396
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:21216
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:20888
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:20916
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:19492
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:18332
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:18876
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:19536
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:18784
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:19164
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:19388
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:16992
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:21308
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:21964
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:20728
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:18836
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:16096
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:17220
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:21168
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:21292
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:20924
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:19820
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:18868
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:22076
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:21316
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:20812
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:20968
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:19500
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:16864
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:22068
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:18884
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:17228
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:19624
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:20516
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:19600
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:436
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:21972
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:20776
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:20356
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:16808
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:21208
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:12872
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:20464
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:8572
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:17948
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:16652
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:4748
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:18900
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:17236
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5008
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        8⤵
        
        PID:20508
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:20744
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        7⤵
        
        PID:21388
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:20364
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:18908
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:21492
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:21480
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:11512
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:724
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:19284
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:16816
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:312
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:22520
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:22152
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:17640
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:16660
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:20408
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:14876
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:20768
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:20500
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:18860
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:18992
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:17968
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:18084
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:18892
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:11664
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:16840
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4844
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:22144
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:22124
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:22048
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:16848
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:20996
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:21176
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:20752
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:20456
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:18936
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:20736
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:19720
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:18076
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:17672
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:12136
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:17000
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3876
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        6⤵
        
        PID:19988
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:20760
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:19680
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:18468
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
        5⤵
        
        PID:17960
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:16452
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:18056
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:18952
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:12116
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:16676
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  PID:4180
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:21276
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:19828
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:20896
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:13964
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:9100
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  PID:5224
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
      4⤵
      PID:1648
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:10516
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:18588
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  PID:6592
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:12644
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:18032
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  PID:8804
- - C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
    3⤵
    PID:19276
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  PID:12092
- C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06bae06ae48732f3873e7fc4aeb0960N.exe"
  2⤵
  PID:16644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay lesbian hot (!) hotel .mpeg.exe

Filesize
1.9MB

MD5
79abd333bce5cea87a4bd70f535ab1e1

SHA1
22ef2495b188feb0a39f5b273a6ef11c9bd753b9

SHA256
322fed3ce2d61182d25f0c05da2b0284869167357f4da807fc719f69c7887f20

SHA512
7c6daa825ca52f7bb874d1b279cd1e4dd0974525616840d01821d7d3b200f5f2e4a21d431c8ac1607bd1b1a15ea91144b634a15b0dd903234c83c604c68f70d7

Download Submit
memory/572-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1208-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1456-78-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1484-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2016-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2468-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2516-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2780-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2852-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3084-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3240-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3516-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3876-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3960-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4048-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4072-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4180-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4376-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4428-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4512-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4572-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4600-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4636-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4688-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4844-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5128-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5144-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5192-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5224-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5408-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5904-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5980-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5996-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6004-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6012-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6020-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6124-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6152-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6188-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6348-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6360-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6424-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6480-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6488-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6592-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6600-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6608-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6632-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6640-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6656-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6664-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6672-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7404-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7448-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7552-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7564-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7572-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7604-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7628-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7660-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7720-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7760-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7996-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8052-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8152-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8160-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8176-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8212-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8368-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8404-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8464-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8600-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8624-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8708-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8748-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8796-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8828-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8852-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8860-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8888-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8944-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9080-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9376-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9516-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9600-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9700-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9748-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9848-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9860-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9920-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9928-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10008-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10172-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10196-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10316-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10328-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download