6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017

Analysis

max time kernel
17s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Size

2.0MB
MD5

a7a963f4baaefbdf9043e30d900b5b20
SHA1

3ff01b8455f3200d465869c3a5a2866f197f2a1d
SHA256

6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017
SHA512

d5ec31291f3dcd9ba328707509923540ca81ccfca8eb6405688fce8194d2a53649d0f00203d2a402f5d06f0a9e49bc8b190a1c693fe5eb91991d6db12eb0996d
SSDEEP

49152:VHSRQDhp0PQXAm3SwVQpp+xZXP2W1TrfDGyaGQbOD:iQTWuVJupQZuuLGy

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 22 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\O:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\V:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\Y:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\H:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\K:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\E:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\P:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\L:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\M:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\Q:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\S:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\U:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\X:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\B:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\J:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\Z:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\I:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\R:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\T:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\W:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\A:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File opened (read-only)	\??\G:	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\black kicking several models granny .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie public 40+ (Sylvia,Curtney).zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish bukkake uncut titts girly .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\african nude girls traffic .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\FxsTmp\kicking licking ash .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\asian action masturbation .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese horse fucking [milf] sm .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish cumshot kicking several models .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black cum masturbation legs young .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\bukkake sleeping high heels (Christine,Jenna).mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\trambling blowjob licking hotel .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\animal fucking [free] hole bondage .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish horse girls .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\italian lesbian fetish several models 40+ (Janette,Jade).mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\black blowjob voyeur beautyfull .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gang bang porn uncut .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\british lingerie masturbation glans gorgeoushorny .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Google\Update\Download\american bukkake beast uncut traffic .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\italian fucking beastiality hot (!) vagina granny .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\dotnet\shared\xxx cum girls YEâPSè& .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lingerie beast masturbation feet (Jade).avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cumshot trambling [free] .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\Common Files\microsoft shared\japanese kicking fucking [bangbus] upskirt (Gina).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\spanish fetish lesbian [free] legs bedroom .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Google\Temp\italian hardcore kicking lesbian ejaculation .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german fetish girls mature (Kathrin,Janette).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fetish animal several models boobs .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\french fucking [milf] boobs YEâPSè& .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\indian cumshot uncut castration (Sonja).zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\CbsTemp\bukkake horse hidden cock ìó (Gina,Sonja).zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\american trambling horse licking upskirt .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\blowjob masturbation gorgeoushorny .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\brasilian bukkake sleeping leather (Gina,Liz).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\indian fucking lingerie licking hairy .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american beastiality girls stockings .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\indian porn big ash (Ashley,Curtney).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\american hardcore [bangbus] (Karin).mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\canadian beast fucking hidden ash .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\bukkake hot (!) .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\xxx big .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\german gang bang full movie .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\italian gang bang catfight legs .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish hardcore full movie .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\Downloaded Program Files\german cumshot several models latex (Sandy).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\asian handjob beastiality [milf] legs hotel (Melissa,Britney).zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\italian handjob lingerie [free] .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\hardcore lingerie [free] feet traffic (Karin).avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\hardcore blowjob [bangbus] .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SoftwareDistribution\Download\kicking blowjob masturbation boobs .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\russian nude sleeping sweet .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\horse sperm uncut sweet .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\asian kicking gay hot (!) sweet .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\italian lesbian [bangbus] titts upskirt .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\lesbian sperm several models bondage (Kathrin).zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\kicking sleeping ash girly .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\danish horse full movie .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\asian sperm public .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\horse masturbation .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\german cumshot beastiality lesbian nipples shoes .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\mssrv.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\hardcore [free] .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\hardcore licking Ôï .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\chinese porn [free] feet fishy .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\italian horse bukkake voyeur vagina YEâPSè& .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\tyrkish blowjob hardcore [free] titts Ôï .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\xxx trambling hot (!) .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\japanese gang bang fucking hot (!) legs (Kathrin).mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\french action girls .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\fetish big ash castration (Ashley).zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\japanese hardcore lesbian hidden redhair (Liz,Sonja).mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\japanese kicking [free] sm .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\blowjob [free] femdom .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\japanese horse voyeur .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\british cumshot cum girls .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\canadian blowjob sleeping glans redhair (Sonja,Kathrin).zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\japanese horse fucking [bangbus] femdom (Karin).rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\cum nude [free] glans 40+ .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\nude hot (!) mature .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\handjob big latex .mpeg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\german porn lingerie voyeur 50+ (Jenna).zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\canadian handjob gay uncut hole high heels .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\french fetish hardcore girls titts lady .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\kicking sleeping .avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\russian kicking gang bang [bangbus] feet .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\swedish animal handjob several models legs stockings .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\spanish trambling xxx several models titts hairy .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\assembly\tmp\cum hot (!) bondage (Sandy,Curtney).avi.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american blowjob fetish voyeur .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\american fetish hot (!) glans gorgeoushorny .rar.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\beast uncut penetration (Gina,Ashley).mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\InputMethod\SHARED\italian handjob lesbian nipples wifey .mpg.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\norwegian fucking big traffic .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian gay hardcore voyeur bedroom .zip.exe	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1212	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1212	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3940	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3940	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4020	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4020	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4484	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4484	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3596	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3596	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2160	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2160	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
920	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
920	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2380	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
2380	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1212	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1212	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3940	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
3940	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1444	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1444	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
740	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
740	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4020	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4020	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1880	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
1880	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 3768	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	86
PID 4216 wrote to memory of 3768	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	86
PID 4216 wrote to memory of 3768	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	86
PID 3768 wrote to memory of 1592	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	87
PID 3768 wrote to memory of 1592	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	87
PID 3768 wrote to memory of 1592	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	87
PID 4216 wrote to memory of 2984	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	88
PID 4216 wrote to memory of 2984	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	88
PID 4216 wrote to memory of 2984	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	88
PID 3768 wrote to memory of 1212	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	89
PID 3768 wrote to memory of 1212	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	89
PID 3768 wrote to memory of 1212	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	89
PID 4216 wrote to memory of 4152	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	90
PID 4216 wrote to memory of 4152	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	90
PID 4216 wrote to memory of 4152	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	90
PID 2984 wrote to memory of 3940	2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	91
PID 2984 wrote to memory of 3940	2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	91
PID 2984 wrote to memory of 3940	2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	91
PID 1592 wrote to memory of 4020	1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	92
PID 1592 wrote to memory of 4020	1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	92
PID 1592 wrote to memory of 4020	1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	92
PID 4216 wrote to memory of 4248	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	93
PID 4216 wrote to memory of 4248	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	93
PID 4216 wrote to memory of 4248	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	93
PID 2984 wrote to memory of 4484	2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	94
PID 2984 wrote to memory of 4484	2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	94
PID 2984 wrote to memory of 4484	2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	94
PID 3768 wrote to memory of 920	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	95
PID 3768 wrote to memory of 920	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	95
PID 3768 wrote to memory of 920	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	95
PID 1592 wrote to memory of 3596	1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	96
PID 1592 wrote to memory of 3596	1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	96
PID 1592 wrote to memory of 3596	1592	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	96
PID 3940 wrote to memory of 2160	3940	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	97
PID 3940 wrote to memory of 2160	3940	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	97
PID 3940 wrote to memory of 2160	3940	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	97
PID 1212 wrote to memory of 2380	1212	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	98
PID 1212 wrote to memory of 2380	1212	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	98
PID 1212 wrote to memory of 2380	1212	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	98
PID 4152 wrote to memory of 1444	4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	99
PID 4152 wrote to memory of 1444	4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	99
PID 4152 wrote to memory of 1444	4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	99
PID 4020 wrote to memory of 740	4020	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	100
PID 4020 wrote to memory of 740	4020	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	100
PID 4020 wrote to memory of 740	4020	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	100
PID 4216 wrote to memory of 2632	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	102
PID 4216 wrote to memory of 2632	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	102
PID 4216 wrote to memory of 2632	4216	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	102
PID 2984 wrote to memory of 1880	2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	101
PID 2984 wrote to memory of 1880	2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	101
PID 2984 wrote to memory of 1880	2984	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	101
PID 3768 wrote to memory of 2352	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	104
PID 3768 wrote to memory of 2352	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	104
PID 3768 wrote to memory of 2352	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	104
PID 4152 wrote to memory of 384	4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	105
PID 4152 wrote to memory of 384	4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	105
PID 4152 wrote to memory of 384	4152	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	105
PID 3768 wrote to memory of 1168	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	106
PID 3768 wrote to memory of 1168	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	106
PID 3768 wrote to memory of 1168	3768	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	106
PID 4484 wrote to memory of 1060	4484	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	115
PID 4484 wrote to memory of 1060	4484	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	115
PID 4484 wrote to memory of 1060	4484	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	115
PID 2160 wrote to memory of 4472	2160	6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe	116

C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
"C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3768
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        8⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:15168
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:12656
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11388
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14212
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7440
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:14080
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:12496
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11412
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:15572
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:14008
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11476
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:12632
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:7480
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:8664
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:14064
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        7⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:14072
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:12932
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:12000
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:14056
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:12640
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:15564
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11820
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9904
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:13796
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:14652
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:7496
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5096
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:13976
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4152
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11520
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    PID:384
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11360
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:15664
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11460
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9884
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:13584
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:14576
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:7408
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:8968
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:14048
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  PID:4248
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    PID:112
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        6⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:15244
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11352
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:14220
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:13612
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5988
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:7376
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:7936
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:14016
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
        5⤵
        
        PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:14088
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:14732
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:7696
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:11404
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1192
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
      "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
      4⤵
      PID:13808
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:7560
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:11468
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  PID:5348
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:8644
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:13028
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  PID:6880
- - C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
    "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
    3⤵
    PID:12512
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  PID:7464
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  PID:4928
- C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe
  "C:\Users\Admin\AppData\Local\Temp\6062bd1438eff974558b4327272d13b81085ccb289a1e9567ad7668c43ccb017N.exe"
  2⤵
  PID:14040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fetish animal several models boobs .mpg.exe

Filesize
1.9MB

MD5
5ca1d1cf88921f7f9c2a2bf533a71d1a

SHA1
9eb910dfd113d29d3c2c43a5db3c20ab2dea1cd2

SHA256
d509207d43fe93c9b09278b2e17b2065498503d44f8639d3524b9c253e12ce2b

SHA512
1ca571ff362acec347d5dc843d4b1d8b00cb23d555cf28b147a7c5ddc0e08820c0b20374dd4771a9d6c1d463e3d2ce15daedc5733dafc811c03c2b9ce28ffbcd

Download Submit
memory/384-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/740-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1044-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1060-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1168-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1192-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1212-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1444-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1592-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1592-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1764-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1808-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2160-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2352-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2380-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2600-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2876-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2880-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2984-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2984-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3716-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3768-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3768-72-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3940-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3940-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4000-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4020-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4020-321-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4152-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4152-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4216-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4216-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4248-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4396-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4472-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4504-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4744-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5136-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5160-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5256-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5348-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5364-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5508-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5568-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5824-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5860-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5904-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6020-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6124-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6180-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6344-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6412-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6420-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6428-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6520-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6556-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6644-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6752-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6792-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6800-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6880-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7164-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7376-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7384-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7392-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7400-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7408-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7416-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7448-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7472-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7480-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7552-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7560-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7568-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7584-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7592-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7600-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7608-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7616-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7644-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7664-320-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7672-318-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7680-310-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7688-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7696-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7704-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7712-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7816-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8324-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8524-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8636-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8644-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9400-322-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9832-323-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9896-324-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9904-325-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download