fc55f85e2be29b8813bf95b2b764c3a4dc4c9c0668c34a2edabb69c7ed497c2d

Analysis

max time kernel
12s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

336785376728d96a0356873946e4eda0N.exe
Size

1.2MB
MD5

336785376728d96a0356873946e4eda0
SHA1

bfdd80a40cb83bf9a6a70f254dc554a1541b838f
SHA256

fc55f85e2be29b8813bf95b2b764c3a4dc4c9c0668c34a2edabb69c7ed497c2d
SHA512

b9fdbd986842c09539ac450b8f7f786b65df466c6a8dae45fed4b343068cbfa29a4cb225a361b9c95449e8e6aacb0c07d2badee7e621d0cbb3b24854d564c80a
SSDEEP

24576:oW8PF7O2Z3GOZussgZzYrL32+ZDdS9nCqXEJ+LqoModFvd1dIk7HLwv:V8PtJGqussgZkf3P+hZvdvIsO

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	336785376728d96a0356873946e4eda0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	336785376728d96a0356873946e4eda0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\I:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\M:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\T:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\V:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\Z:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\J:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\K:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\L:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\N:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\O:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\P:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\Y:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\B:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\E:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\Q:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\R:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\S:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\U:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\X:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\A:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\H:	336785376728d96a0356873946e4eda0N.exe
File opened (read-only)	\??\W:	336785376728d96a0356873946e4eda0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\canadian porn licking ¼ë .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish beastiality hot (!) .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish trambling lesbian gorgeoushorny (Jenna,Kathrin).zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese lingerie handjob hot (!) mistress .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\kicking [bangbus] .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\System32\DriverStore\Temp\german trambling action several models glans .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\action lesbian hole bedroom (Sonja,Melissa).rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian porn public nipples (Janette).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\nude horse catfight .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian sperm hot (!) .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cumshot kicking [bangbus] (Anniston).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\german animal [free] .zip.exe	336785376728d96a0356873946e4eda0N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish nude [milf] hairy .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\asian cumshot sleeping shoes .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\nude hot (!) hole .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fetish gay sleeping boobs (Karin).zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\bukkake hidden .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files\Common Files\microsoft shared\canadian animal fetish lesbian 50+ .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files\dotnet\shared\french nude horse [milf] hole .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\handjob hidden boots .avi.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american horse gang bang uncut .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\cumshot full movie Œã .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\gay several models .avi.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\chinese lingerie fetish masturbation girly (Liz,Christine).rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\norwegian action gay sleeping (Kathrin).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian blowjob fetish licking girly .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\french xxx trambling sleeping girly .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\american gay voyeur feet young .avi.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\norwegian beast masturbation legs sweet .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese fucking action [free] .zip.exe	336785376728d96a0356873946e4eda0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\swedish fucking handjob [milf] .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\italian fucking girls fishy .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\porn voyeur hole bondage (Britney).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\porn masturbation mature .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\russian kicking full movie granny .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\bukkake sleeping swallow .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\InputMethod\SHARED\black hardcore [milf] titts upskirt .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\security\templates\japanese beastiality catfight vagina leather (Sonja,Britney).mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\horse fucking girls ash femdom .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\japanese hardcore voyeur lady (Ashley).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\french nude horse big .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\japanese cum xxx [free] balls (Christine).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\asian fucking several models girly .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\lingerie cum full movie .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\british beastiality lesbian masturbation stockings .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SoftwareDistribution\Download\animal [milf] feet young (Tatjana).zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\horse hidden cock .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\lingerie lingerie [milf] .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\mssrv.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\animal gang bang uncut YEâPSè& .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\fucking gang bang lesbian nipples pregnant (Christine).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\porn horse catfight bedroom .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\brasilian fucking fucking several models beautyfull (Janette,Jenna).rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\handjob hardcore licking .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\assembly\temp\gay public legs high heels .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish kicking trambling public nipples castration .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\horse animal big hairy (Kathrin).rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\norwegian cum xxx several models cock shoes (Anniston).zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\japanese lingerie masturbation redhair .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\action licking nipples ejaculation .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\sperm cum girls hole ejaculation .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\animal catfight blondie .avi.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\fetish [milf] .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\indian sperm licking ejaculation .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\tyrkish kicking catfight blondie (Sonja).rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\african horse fucking [bangbus] sweet .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\french beast bukkake voyeur cock .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\brasilian nude horse [milf] ash girly (Sonja).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beastiality kicking full movie shoes (Anniston,Sonja).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\lesbian [bangbus] vagina mistress .avi.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\danish handjob voyeur boobs bondage .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\african horse beast sleeping .avi.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\british hardcore gang bang full movie circumcision (Janette,Karin).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\brasilian trambling big cock mature .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\sperm hot (!) swallow .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\CbsTemp\nude masturbation ash (Ashley).mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\african animal [milf] boots (Curtney,Curtney).avi.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\russian gay horse full movie girly (Tatjana).avi.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\xxx porn masturbation .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\chinese hardcore handjob girls leather .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\african lesbian hot (!) (Anniston).rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\malaysia trambling animal voyeur vagina .rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\lesbian trambling full movie nipples .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\swedish fetish hidden gorgeoushorny .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\lesbian lesbian masturbation wifey .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\american porn public lady (Sylvia,Melissa).zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\assembly\tmp\lingerie hot (!) vagina latex .avi.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\PLA\Templates\american sperm [milf] (Kathrin,Ashley).rar.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian cumshot full movie ejaculation .mpg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\malaysia horse [free] balls .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\french fetish action licking titts .mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\american trambling gay public (Melissa,Christine).mpeg.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\chinese beast gang bang [bangbus] nipples .zip.exe	336785376728d96a0356873946e4eda0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\russian lesbian bukkake voyeur .mpeg.exe	336785376728d96a0356873946e4eda0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	336785376728d96a0356873946e4eda0N.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
2688	336785376728d96a0356873946e4eda0N.exe
2688	336785376728d96a0356873946e4eda0N.exe
652	336785376728d96a0356873946e4eda0N.exe
652	336785376728d96a0356873946e4eda0N.exe
2688	336785376728d96a0356873946e4eda0N.exe
2688	336785376728d96a0356873946e4eda0N.exe
4868	336785376728d96a0356873946e4eda0N.exe
4868	336785376728d96a0356873946e4eda0N.exe
4860	336785376728d96a0356873946e4eda0N.exe
4860	336785376728d96a0356873946e4eda0N.exe
2688	336785376728d96a0356873946e4eda0N.exe
2688	336785376728d96a0356873946e4eda0N.exe
652	336785376728d96a0356873946e4eda0N.exe
652	336785376728d96a0356873946e4eda0N.exe
3852	336785376728d96a0356873946e4eda0N.exe
3852	336785376728d96a0356873946e4eda0N.exe
3684	336785376728d96a0356873946e4eda0N.exe
3684	336785376728d96a0356873946e4eda0N.exe
652	336785376728d96a0356873946e4eda0N.exe
2688	336785376728d96a0356873946e4eda0N.exe
652	336785376728d96a0356873946e4eda0N.exe
2688	336785376728d96a0356873946e4eda0N.exe
4360	336785376728d96a0356873946e4eda0N.exe
4360	336785376728d96a0356873946e4eda0N.exe
4868	336785376728d96a0356873946e4eda0N.exe
4868	336785376728d96a0356873946e4eda0N.exe
5116	336785376728d96a0356873946e4eda0N.exe
5116	336785376728d96a0356873946e4eda0N.exe
4860	336785376728d96a0356873946e4eda0N.exe
4860	336785376728d96a0356873946e4eda0N.exe
4868	336785376728d96a0356873946e4eda0N.exe
2688	336785376728d96a0356873946e4eda0N.exe
4868	336785376728d96a0356873946e4eda0N.exe
2688	336785376728d96a0356873946e4eda0N.exe
2508	336785376728d96a0356873946e4eda0N.exe
2508	336785376728d96a0356873946e4eda0N.exe
5112	336785376728d96a0356873946e4eda0N.exe
5112	336785376728d96a0356873946e4eda0N.exe
4132	336785376728d96a0356873946e4eda0N.exe
4132	336785376728d96a0356873946e4eda0N.exe
5012	336785376728d96a0356873946e4eda0N.exe
5012	336785376728d96a0356873946e4eda0N.exe
3468	336785376728d96a0356873946e4eda0N.exe
3468	336785376728d96a0356873946e4eda0N.exe
652	336785376728d96a0356873946e4eda0N.exe
652	336785376728d96a0356873946e4eda0N.exe
3852	336785376728d96a0356873946e4eda0N.exe
3852	336785376728d96a0356873946e4eda0N.exe
4860	336785376728d96a0356873946e4eda0N.exe
4860	336785376728d96a0356873946e4eda0N.exe
1408	336785376728d96a0356873946e4eda0N.exe
1408	336785376728d96a0356873946e4eda0N.exe
1404	336785376728d96a0356873946e4eda0N.exe
1404	336785376728d96a0356873946e4eda0N.exe
3700	336785376728d96a0356873946e4eda0N.exe
3700	336785376728d96a0356873946e4eda0N.exe
3684	336785376728d96a0356873946e4eda0N.exe
3684	336785376728d96a0356873946e4eda0N.exe
5116	336785376728d96a0356873946e4eda0N.exe
5116	336785376728d96a0356873946e4eda0N.exe
4360	336785376728d96a0356873946e4eda0N.exe
4360	336785376728d96a0356873946e4eda0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 652	2688	336785376728d96a0356873946e4eda0N.exe	88
PID 2688 wrote to memory of 652	2688	336785376728d96a0356873946e4eda0N.exe	88
PID 2688 wrote to memory of 652	2688	336785376728d96a0356873946e4eda0N.exe	88
PID 2688 wrote to memory of 4860	2688	336785376728d96a0356873946e4eda0N.exe	93
PID 2688 wrote to memory of 4860	2688	336785376728d96a0356873946e4eda0N.exe	93
PID 2688 wrote to memory of 4860	2688	336785376728d96a0356873946e4eda0N.exe	93
PID 652 wrote to memory of 4868	652	336785376728d96a0356873946e4eda0N.exe	94
PID 652 wrote to memory of 4868	652	336785376728d96a0356873946e4eda0N.exe	94
PID 652 wrote to memory of 4868	652	336785376728d96a0356873946e4eda0N.exe	94
PID 652 wrote to memory of 3852	652	336785376728d96a0356873946e4eda0N.exe	95
PID 652 wrote to memory of 3852	652	336785376728d96a0356873946e4eda0N.exe	95
PID 652 wrote to memory of 3852	652	336785376728d96a0356873946e4eda0N.exe	95
PID 2688 wrote to memory of 3684	2688	336785376728d96a0356873946e4eda0N.exe	96
PID 2688 wrote to memory of 3684	2688	336785376728d96a0356873946e4eda0N.exe	96
PID 2688 wrote to memory of 3684	2688	336785376728d96a0356873946e4eda0N.exe	96
PID 4868 wrote to memory of 4360	4868	336785376728d96a0356873946e4eda0N.exe	97
PID 4868 wrote to memory of 4360	4868	336785376728d96a0356873946e4eda0N.exe	97
PID 4868 wrote to memory of 4360	4868	336785376728d96a0356873946e4eda0N.exe	97
PID 4860 wrote to memory of 5116	4860	336785376728d96a0356873946e4eda0N.exe	98
PID 4860 wrote to memory of 5116	4860	336785376728d96a0356873946e4eda0N.exe	98
PID 4860 wrote to memory of 5116	4860	336785376728d96a0356873946e4eda0N.exe	98
PID 4868 wrote to memory of 2508	4868	336785376728d96a0356873946e4eda0N.exe	100
PID 4868 wrote to memory of 2508	4868	336785376728d96a0356873946e4eda0N.exe	100
PID 4868 wrote to memory of 2508	4868	336785376728d96a0356873946e4eda0N.exe	100
PID 2688 wrote to memory of 4132	2688	336785376728d96a0356873946e4eda0N.exe	101
PID 2688 wrote to memory of 4132	2688	336785376728d96a0356873946e4eda0N.exe	101
PID 2688 wrote to memory of 4132	2688	336785376728d96a0356873946e4eda0N.exe	101
PID 652 wrote to memory of 5112	652	336785376728d96a0356873946e4eda0N.exe	102
PID 652 wrote to memory of 5112	652	336785376728d96a0356873946e4eda0N.exe	102
PID 652 wrote to memory of 5112	652	336785376728d96a0356873946e4eda0N.exe	102
PID 3852 wrote to memory of 3468	3852	336785376728d96a0356873946e4eda0N.exe	103
PID 3852 wrote to memory of 3468	3852	336785376728d96a0356873946e4eda0N.exe	103
PID 3852 wrote to memory of 3468	3852	336785376728d96a0356873946e4eda0N.exe	103
PID 4860 wrote to memory of 5012	4860	336785376728d96a0356873946e4eda0N.exe	104
PID 4860 wrote to memory of 5012	4860	336785376728d96a0356873946e4eda0N.exe	104
PID 4860 wrote to memory of 5012	4860	336785376728d96a0356873946e4eda0N.exe	104
PID 3684 wrote to memory of 1408	3684	336785376728d96a0356873946e4eda0N.exe	105
PID 3684 wrote to memory of 1408	3684	336785376728d96a0356873946e4eda0N.exe	105
PID 3684 wrote to memory of 1408	3684	336785376728d96a0356873946e4eda0N.exe	105
PID 5116 wrote to memory of 1404	5116	336785376728d96a0356873946e4eda0N.exe	106
PID 5116 wrote to memory of 1404	5116	336785376728d96a0356873946e4eda0N.exe	106
PID 5116 wrote to memory of 1404	5116	336785376728d96a0356873946e4eda0N.exe	106
PID 4360 wrote to memory of 3700	4360	336785376728d96a0356873946e4eda0N.exe	107
PID 4360 wrote to memory of 3700	4360	336785376728d96a0356873946e4eda0N.exe	107
PID 4360 wrote to memory of 3700	4360	336785376728d96a0356873946e4eda0N.exe	107
PID 4868 wrote to memory of 2948	4868	336785376728d96a0356873946e4eda0N.exe	108
PID 4868 wrote to memory of 2948	4868	336785376728d96a0356873946e4eda0N.exe	108
PID 4868 wrote to memory of 2948	4868	336785376728d96a0356873946e4eda0N.exe	108
PID 2688 wrote to memory of 4012	2688	336785376728d96a0356873946e4eda0N.exe	109
PID 2688 wrote to memory of 4012	2688	336785376728d96a0356873946e4eda0N.exe	109
PID 2688 wrote to memory of 4012	2688	336785376728d96a0356873946e4eda0N.exe	109
PID 652 wrote to memory of 1144	652	336785376728d96a0356873946e4eda0N.exe	110
PID 652 wrote to memory of 1144	652	336785376728d96a0356873946e4eda0N.exe	110
PID 652 wrote to memory of 1144	652	336785376728d96a0356873946e4eda0N.exe	110
PID 3852 wrote to memory of 3212	3852	336785376728d96a0356873946e4eda0N.exe	111
PID 3852 wrote to memory of 3212	3852	336785376728d96a0356873946e4eda0N.exe	111
PID 3852 wrote to memory of 3212	3852	336785376728d96a0356873946e4eda0N.exe	111
PID 4860 wrote to memory of 4404	4860	336785376728d96a0356873946e4eda0N.exe	112
PID 4860 wrote to memory of 4404	4860	336785376728d96a0356873946e4eda0N.exe	112
PID 4860 wrote to memory of 4404	4860	336785376728d96a0356873946e4eda0N.exe	112
PID 5116 wrote to memory of 1748	5116	336785376728d96a0356873946e4eda0N.exe	114
PID 5116 wrote to memory of 1748	5116	336785376728d96a0356873946e4eda0N.exe	114
PID 5116 wrote to memory of 1748	5116	336785376728d96a0356873946e4eda0N.exe	114
PID 3684 wrote to memory of 3984	3684	336785376728d96a0356873946e4eda0N.exe	115

C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
"C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:652
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        8⤵
        
        PID:18696
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        8⤵
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:20440
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:19996
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:20636
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:18640
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:20008
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:19852
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:20176
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:16912
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:18680
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:20116
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:10732
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:2224
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:17728
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:2908
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:3672
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:20628
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:8164
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:11144
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:14040
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:17416
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4860
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        8⤵
        
        PID:19956
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:18664
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:20648
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:18648
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:17708
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:18632
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:20656
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:10768
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:17692
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:20432
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:18672
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:680
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:18656
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:17684
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:11176
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14056
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:18004
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:6956
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:8172
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:10944
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:13888
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:1016
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3684
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        7⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:6516
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:6712
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:20712
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:17592
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:6864
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:8188
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:10952
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:13920
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:16008
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:18624
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:18712
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
        5⤵
        
        PID:19952
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:1060
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:7132
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:20704
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:10760
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:14172
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:18688
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  PID:4012
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:208
  - - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
      "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
      4⤵
      PID:18704
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:7440
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:11044
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:14184
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:6764
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  PID:5436
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:6532
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:11012
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:13896
- - C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
    "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
    3⤵
    PID:17600
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  PID:7072
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  PID:8140
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  PID:10968
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  PID:13904
- C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe
  "C:\Users\Admin\AppData\Local\Temp\336785376728d96a0356873946e4eda0N.exe"
  2⤵
  PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian blowjob fetish licking girly .mpg.exe

Filesize
436KB

MD5
6f1eb33860a2fe46a94f8c373fa38800

SHA1
7ae28db732f6307f55d1d89bcd677e7830f65be7

SHA256
947ab4ad4425cd86d0b00412ec42dafbad639dacf8a3f6f7ff71a6b993fc6b62

SHA512
a18049f2a832d65a3fb5aec16b105d12ead1a841b00285f7cc48945be1fdaaa466060df67a55c55356615bd65cb93e202490149e3816d149d6faa3035e95f208

Download Submit
C:\debug.txt

Filesize
146B

MD5
8ab68be1537195d1f3bed27133729a46

SHA1
f78fe830633c39257ca4ad39c46a25fadb94362c

SHA256
0a05ff5e7e13dfd8df367039a1d867b10c4edd072d69320ad9667e94724dcdf0

SHA512
b06d4e717db7a000e12bf2b82e77f224927759e3099899d2551e30ace4c60c826638b3cede010ae22c9d1f9ea76481744034d2f7117a3b9b426155fcbca5179c

Download Submit
memory/652-31-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/680-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1144-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1408-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1748-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1776-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1972-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2052-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2188-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2688-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2972-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3700-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3984-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4012-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4404-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4868-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4888-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4952-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5012-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5156-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5196-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5328-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5340-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5356-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5364-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5372-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5388-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5420-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5428-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5444-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5720-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6104-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6176-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6228-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6236-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6252-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6260-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6284-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6324-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6408-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6452-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6460-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6468-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6508-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6532-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6544-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6648-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6652-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6660-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6672-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6864-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6872-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6928-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6956-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7008-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7048-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7060-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7088-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7116-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7124-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7132-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7364-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7440-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7468-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7532-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7620-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7648-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7680-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8044-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8068-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8076-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8084-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8092-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8100-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8108-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8116-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8124-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8132-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8140-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8148-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8156-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8164-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8180-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8188-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8200-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8208-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8216-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8228-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8236-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8244-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8256-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8264-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8288-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8620-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8640-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8648-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download