8d0a7e35dcb0a8294255f4b3ca375a0413b0167268ceb2c785b3c8b172f78ff2

Analysis

max time kernel
12s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ae2e8afa334693b7486ff0a82c21850N.exe
Size

889KB
MD5

2ae2e8afa334693b7486ff0a82c21850
SHA1

9fa945ed8992a7635ecf9d407e361ef97bbd9d8b
SHA256

8d0a7e35dcb0a8294255f4b3ca375a0413b0167268ceb2c785b3c8b172f78ff2
SHA512

7138f098fbe0b748d907eefdd7ea1d344c85a77fec88c218d2f27624e86b59f293d26baa021f31ba688339cb3783fefddfee2595a1fffadd397211e7db4e28d3
SSDEEP

24576:oWSCQACxatyL57BaLpq2uCeBXzU9/t2A8:VSBXh57wBuX2EA8

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2ae2e8afa334693b7486ff0a82c21850N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2ae2e8afa334693b7486ff0a82c21850N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\R:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\S:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\Z:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\T:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\V:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\W:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\A:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\B:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\H:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\J:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\M:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\Y:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\X:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\E:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\K:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\L:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\P:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\U:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\G:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\I:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\N:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\Q:	2ae2e8afa334693b7486ff0a82c21850N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\japanese handjob lingerie [bangbus] glans .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie hot (!) penetration .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\lesbian hot (!) hairy .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lesbian licking titts penetration (Liz).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese horse sperm several models titts circumcision (Jade).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian fetish bukkake [bangbus] balls .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\xxx sleeping lady .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\FxsTmp\trambling sleeping titts .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american nude bukkake [milf] latex (Gina,Samantha).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american horse fucking masturbation titts ¼ë (Jade).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\System32\DriverStore\Temp\spanish trambling big feet .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore [free] balls .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\italian gang bang blowjob [bangbus] 40+ .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian porn blowjob public (Curtney).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish handjob xxx sleeping .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\brasilian porn hardcore public swallow .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish cumshot horse sleeping swallow .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\fucking catfight glans .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Google\Update\Download\black cum xxx catfight cock .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\gay [milf] YEâPSè& (Ashley,Karin).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Common Files\microsoft shared\blowjob sleeping cock bondage .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\trambling [milf] shower (Kathrin,Curtney).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\bukkake sleeping titts fishy (Janette).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\swedish nude sperm voyeur hole black hairunshaved (Samantha).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\black kicking fucking [bangbus] cock .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black porn gay hot (!) hole .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american cumshot bukkake catfight swallow .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\bukkake hidden .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\chinese xxx licking (Liz).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\dotnet\shared\blowjob [milf] (Samantha).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese horse fucking full movie swallow .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\american cum sperm [bangbus] .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\nude sperm [milf] bedroom .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\german sperm girls feet femdom .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\japanese kicking sperm [milf] feet .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\animal beast [bangbus] glans (Sonja,Melissa).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\gang bang sperm public hole wifey .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\cum hardcore voyeur (Curtney).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian action trambling voyeur titts castration (Janette).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese beastiality beast lesbian lady .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\asian gay licking granny .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\blowjob [free] titts penetration (Tatjana).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\hardcore [free] .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\japanese horse bukkake girls upskirt (Britney,Janette).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\kicking lingerie voyeur shower .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\danish gang bang blowjob several models granny .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\InputMethod\SHARED\russian handjob hardcore hot (!) feet ejaculation .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian handjob gay public bedroom .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish horse horse hot (!) fishy .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\blowjob [milf] penetration (Gina,Sylvia).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\temp\danish kicking gay catfight titts penetration (Sarah).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\asian gay big cock .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\danish action trambling catfight penetration .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\norwegian hardcore [bangbus] feet pregnant (Curtney).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\beast licking cock girly .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese nude sperm hot (!) feet lady .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian handjob trambling catfight (Melissa).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\bukkake [milf] .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\norwegian xxx big glans mature (Curtney).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\british bukkake masturbation .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\russian horse blowjob several models beautyfull (Kathrin,Liz).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\fetish blowjob sleeping blondie (Kathrin,Tatjana).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\canadian lesbian lesbian .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\mssrv.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\Downloaded Program Files\japanese cumshot horse big titts mature (Karin).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american cum lingerie uncut .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\black fetish trambling big hole shoes .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\chinese lingerie big femdom (Anniston,Liz).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\spanish fucking hidden girly .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\african gay big traffic .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\horse several models feet bondage .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\tyrkish action gay hidden hole .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\asian horse sleeping feet bedroom .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\nude bukkake big redhair .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\handjob lesbian full movie hole young .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\animal hardcore hidden beautyfull .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\canadian gay licking sm .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\handjob blowjob hidden (Sylvia).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\african bukkake full movie cock mistress (Sarah).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\norwegian blowjob hidden titts fishy (Karin).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\black handjob lesbian public titts pregnant (Karin).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\blowjob [milf] lady .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\tyrkish fetish sperm hidden glans .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\beast several models glans high heels .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\hardcore girls circumcision .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\african gay girls glans .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\PLA\Templates\swedish cumshot lingerie catfight cock lady .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\cumshot bukkake masturbation YEâPSè& .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\porn trambling [bangbus] circumcision .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\cum gay hidden cock .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\black nude beast public (Samantha).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\brasilian porn lingerie [bangbus] swallow .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\tyrkish horse hardcore hot (!) hole balls .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\african blowjob several models cock .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
4380	2ae2e8afa334693b7486ff0a82c21850N.exe
4380	2ae2e8afa334693b7486ff0a82c21850N.exe
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
2320	2ae2e8afa334693b7486ff0a82c21850N.exe
2320	2ae2e8afa334693b7486ff0a82c21850N.exe
3112	2ae2e8afa334693b7486ff0a82c21850N.exe
3112	2ae2e8afa334693b7486ff0a82c21850N.exe
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
4380	2ae2e8afa334693b7486ff0a82c21850N.exe
4380	2ae2e8afa334693b7486ff0a82c21850N.exe
4800	2ae2e8afa334693b7486ff0a82c21850N.exe
4800	2ae2e8afa334693b7486ff0a82c21850N.exe
116	2ae2e8afa334693b7486ff0a82c21850N.exe
116	2ae2e8afa334693b7486ff0a82c21850N.exe
1296	2ae2e8afa334693b7486ff0a82c21850N.exe
1296	2ae2e8afa334693b7486ff0a82c21850N.exe
2744	2ae2e8afa334693b7486ff0a82c21850N.exe
2744	2ae2e8afa334693b7486ff0a82c21850N.exe
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
2320	2ae2e8afa334693b7486ff0a82c21850N.exe
2320	2ae2e8afa334693b7486ff0a82c21850N.exe
3112	2ae2e8afa334693b7486ff0a82c21850N.exe
3112	2ae2e8afa334693b7486ff0a82c21850N.exe
4380	2ae2e8afa334693b7486ff0a82c21850N.exe
4380	2ae2e8afa334693b7486ff0a82c21850N.exe
208	2ae2e8afa334693b7486ff0a82c21850N.exe
208	2ae2e8afa334693b7486ff0a82c21850N.exe
2124	2ae2e8afa334693b7486ff0a82c21850N.exe
2124	2ae2e8afa334693b7486ff0a82c21850N.exe
4224	2ae2e8afa334693b7486ff0a82c21850N.exe
4224	2ae2e8afa334693b7486ff0a82c21850N.exe
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
4516	2ae2e8afa334693b7486ff0a82c21850N.exe
3112	2ae2e8afa334693b7486ff0a82c21850N.exe
3112	2ae2e8afa334693b7486ff0a82c21850N.exe
640	2ae2e8afa334693b7486ff0a82c21850N.exe
640	2ae2e8afa334693b7486ff0a82c21850N.exe
3720	2ae2e8afa334693b7486ff0a82c21850N.exe
3720	2ae2e8afa334693b7486ff0a82c21850N.exe
4800	2ae2e8afa334693b7486ff0a82c21850N.exe
1576	2ae2e8afa334693b7486ff0a82c21850N.exe
1576	2ae2e8afa334693b7486ff0a82c21850N.exe
4800	2ae2e8afa334693b7486ff0a82c21850N.exe
4380	2ae2e8afa334693b7486ff0a82c21850N.exe
4380	2ae2e8afa334693b7486ff0a82c21850N.exe
2320	2ae2e8afa334693b7486ff0a82c21850N.exe
2320	2ae2e8afa334693b7486ff0a82c21850N.exe
116	2ae2e8afa334693b7486ff0a82c21850N.exe
116	2ae2e8afa334693b7486ff0a82c21850N.exe
2224	2ae2e8afa334693b7486ff0a82c21850N.exe
2224	2ae2e8afa334693b7486ff0a82c21850N.exe
1296	2ae2e8afa334693b7486ff0a82c21850N.exe
1296	2ae2e8afa334693b7486ff0a82c21850N.exe
4724	2ae2e8afa334693b7486ff0a82c21850N.exe
4724	2ae2e8afa334693b7486ff0a82c21850N.exe
2744	2ae2e8afa334693b7486ff0a82c21850N.exe
2744	2ae2e8afa334693b7486ff0a82c21850N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 4380	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	87
PID 4516 wrote to memory of 4380	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	87
PID 4516 wrote to memory of 4380	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	87
PID 4516 wrote to memory of 2320	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	88
PID 4516 wrote to memory of 2320	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	88
PID 4516 wrote to memory of 2320	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	88
PID 4380 wrote to memory of 3112	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	89
PID 4380 wrote to memory of 3112	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	89
PID 4380 wrote to memory of 3112	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	89
PID 4516 wrote to memory of 4800	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	90
PID 4516 wrote to memory of 4800	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	90
PID 4516 wrote to memory of 4800	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	90
PID 2320 wrote to memory of 116	2320	2ae2e8afa334693b7486ff0a82c21850N.exe	91
PID 2320 wrote to memory of 116	2320	2ae2e8afa334693b7486ff0a82c21850N.exe	91
PID 2320 wrote to memory of 116	2320	2ae2e8afa334693b7486ff0a82c21850N.exe	91
PID 3112 wrote to memory of 2744	3112	2ae2e8afa334693b7486ff0a82c21850N.exe	92
PID 3112 wrote to memory of 2744	3112	2ae2e8afa334693b7486ff0a82c21850N.exe	92
PID 3112 wrote to memory of 2744	3112	2ae2e8afa334693b7486ff0a82c21850N.exe	92
PID 4380 wrote to memory of 1296	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	93
PID 4380 wrote to memory of 1296	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	93
PID 4380 wrote to memory of 1296	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	93
PID 4516 wrote to memory of 208	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	94
PID 4516 wrote to memory of 208	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	94
PID 4516 wrote to memory of 208	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	94
PID 3112 wrote to memory of 2124	3112	2ae2e8afa334693b7486ff0a82c21850N.exe	95
PID 3112 wrote to memory of 2124	3112	2ae2e8afa334693b7486ff0a82c21850N.exe	95
PID 3112 wrote to memory of 2124	3112	2ae2e8afa334693b7486ff0a82c21850N.exe	95
PID 4800 wrote to memory of 4224	4800	2ae2e8afa334693b7486ff0a82c21850N.exe	96
PID 4800 wrote to memory of 4224	4800	2ae2e8afa334693b7486ff0a82c21850N.exe	96
PID 4800 wrote to memory of 4224	4800	2ae2e8afa334693b7486ff0a82c21850N.exe	96
PID 4380 wrote to memory of 640	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	97
PID 4380 wrote to memory of 640	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	97
PID 4380 wrote to memory of 640	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	97
PID 2320 wrote to memory of 3720	2320	2ae2e8afa334693b7486ff0a82c21850N.exe	98
PID 2320 wrote to memory of 3720	2320	2ae2e8afa334693b7486ff0a82c21850N.exe	98
PID 2320 wrote to memory of 3720	2320	2ae2e8afa334693b7486ff0a82c21850N.exe	98
PID 116 wrote to memory of 1576	116	2ae2e8afa334693b7486ff0a82c21850N.exe	99
PID 116 wrote to memory of 1576	116	2ae2e8afa334693b7486ff0a82c21850N.exe	99
PID 116 wrote to memory of 1576	116	2ae2e8afa334693b7486ff0a82c21850N.exe	99
PID 1296 wrote to memory of 2224	1296	2ae2e8afa334693b7486ff0a82c21850N.exe	100
PID 1296 wrote to memory of 2224	1296	2ae2e8afa334693b7486ff0a82c21850N.exe	100
PID 1296 wrote to memory of 2224	1296	2ae2e8afa334693b7486ff0a82c21850N.exe	100
PID 2744 wrote to memory of 4724	2744	2ae2e8afa334693b7486ff0a82c21850N.exe	101
PID 2744 wrote to memory of 4724	2744	2ae2e8afa334693b7486ff0a82c21850N.exe	101
PID 2744 wrote to memory of 4724	2744	2ae2e8afa334693b7486ff0a82c21850N.exe	101
PID 4516 wrote to memory of 1448	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	102
PID 4516 wrote to memory of 1448	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	102
PID 4516 wrote to memory of 1448	4516	2ae2e8afa334693b7486ff0a82c21850N.exe	102
PID 3112 wrote to memory of 4788	3112	2ae2e8afa334693b7486ff0a82c21850N.exe	103
PID 3112 wrote to memory of 4788	3112	2ae2e8afa334693b7486ff0a82c21850N.exe	103
PID 3112 wrote to memory of 4788	3112	2ae2e8afa334693b7486ff0a82c21850N.exe	103
PID 4800 wrote to memory of 2368	4800	2ae2e8afa334693b7486ff0a82c21850N.exe	104
PID 4800 wrote to memory of 2368	4800	2ae2e8afa334693b7486ff0a82c21850N.exe	104
PID 4800 wrote to memory of 2368	4800	2ae2e8afa334693b7486ff0a82c21850N.exe	104
PID 4380 wrote to memory of 2892	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	105
PID 4380 wrote to memory of 2892	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	105
PID 4380 wrote to memory of 2892	4380	2ae2e8afa334693b7486ff0a82c21850N.exe	105
PID 116 wrote to memory of 1320	116	2ae2e8afa334693b7486ff0a82c21850N.exe	106
PID 116 wrote to memory of 1320	116	2ae2e8afa334693b7486ff0a82c21850N.exe	106
PID 116 wrote to memory of 1320	116	2ae2e8afa334693b7486ff0a82c21850N.exe	106
PID 2320 wrote to memory of 4452	2320	2ae2e8afa334693b7486ff0a82c21850N.exe	107
PID 2320 wrote to memory of 4452	2320	2ae2e8afa334693b7486ff0a82c21850N.exe	107
PID 2320 wrote to memory of 4452	2320	2ae2e8afa334693b7486ff0a82c21850N.exe	107
PID 1296 wrote to memory of 4000	1296	2ae2e8afa334693b7486ff0a82c21850N.exe	108

C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
"C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4380
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:19148
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:21784
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:21416
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:17424
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:17984
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:19084
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:18924
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:18932
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:18548
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:19628
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:18676
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19864
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19620
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:18580
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19132
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17812
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19420
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19156
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:18000
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:18668
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17932
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:22216
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:21428
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:20388
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:18564
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:18700
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:18456
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:18692
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19428
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:18996
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20360
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16256
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17856
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17316
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22256
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20540
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20368
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21596
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:21308
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:23444
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:23252
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:18008
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17824
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21704
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:20272
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:20220
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:21688
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:21408
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:20560
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:23412
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:15792
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:12508
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:23420
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:15856
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:14620
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:164
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17076
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:11744
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:16532
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:22240
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:20292
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:20796
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:21776
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20596
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19468
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19068
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:23404
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:21876
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20936
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20088
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21852
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:21364
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21884
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:14940
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:21868
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20128
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21696
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:21336
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:23236
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:15268
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11924
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17288
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:18556
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:19356
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:18332
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:18920
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:23388
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9376
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:16272
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17864
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:12456
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:18572
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4800
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22232
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20252
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20284
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21832
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:20804
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:23396
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17960
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17204
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:22248
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:21860
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:20552
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:16448
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:14996
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17528
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:11912
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:17160
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:18684
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:19824
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:348
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:19184
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:368
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17364
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:16248
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:15920
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:14920
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17416
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:12024
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:17592
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:18660
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:20244
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:21840
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:14420
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:21328
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:1108
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17560
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:12252
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:17944
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:6204
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:11492
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:16296
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:8460
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:17952
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:11676
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:17552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black porn gay hot (!) hole .mpg.exe

Filesize
781KB

MD5
6fbd27bd1ac67af5c8d526aad3baf1d2

SHA1
0da8e16373f888e0402bc82592eb7eea843ccb10

SHA256
1b730ad27702c3545abf7a6ed0524b62621fc439d2356df43de4820fdd005998

SHA512
cfecc4587f8c04b94d93505aac74d505be2151fa896301a51cf5df800d3534da1f05b4d1beb97d3f007c2fc9e976a0fff007b8b5c0ac47f3522e959de387dfe4

Download Submit
memory/116-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/164-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/640-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1044-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1108-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1152-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1256-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1296-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1320-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1552-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1576-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2124-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2224-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2268-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2284-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2320-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2368-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2744-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2892-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3004-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3084-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3160-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3172-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3720-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3928-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4000-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4224-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4336-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4452-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4516-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4724-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4788-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4800-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4972-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5112-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5720-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5732-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5740-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5792-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5856-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5872-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5880-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5888-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5896-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5920-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5928-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5964-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6196-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6204-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6220-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6228-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6236-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6244-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6252-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6260-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6916-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6992-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7100-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7192-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7200-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7208-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7216-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7224-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7236-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7244-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7252-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7276-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7496-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7508-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7980-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8024-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8136-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8172-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8184-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8200-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8208-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8232-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8412-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8420-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8428-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8436-310-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8444-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8452-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8460-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8468-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8972-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9032-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9240-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9248-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9412-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9420-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9496-320-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9520-321-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9588-322-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9608-323-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9684-324-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download