53be121f43c932ed055809941bf44cfcd127864de8022f0d5d7a09b11383e5f6

Analysis

max time kernel
11s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f0bab4b66bd34520d54710df167f490N.exe
Size

1.2MB
MD5

4f0bab4b66bd34520d54710df167f490
SHA1

277b85a36a5224e6e04376d4296aebd522ea584b
SHA256

53be121f43c932ed055809941bf44cfcd127864de8022f0d5d7a09b11383e5f6
SHA512

5e7205cb118449f0a39487418724bec7426cc545fc013db394398dd90d3fd778d8524db48934004196a8367a2aac8092eda7c38f533a3af8bba6843c8fbba4ac
SSDEEP

24576:oWVhUEtkXl2UND+cXwyEs10imntO1VSKivKvnT:VR8vats10iJSKdnT

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4f0bab4b66bd34520d54710df167f490N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4f0bab4b66bd34520d54710df167f490N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4f0bab4b66bd34520d54710df167f490N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4f0bab4b66bd34520d54710df167f490N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4f0bab4b66bd34520d54710df167f490N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4f0bab4b66bd34520d54710df167f490N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4f0bab4b66bd34520d54710df167f490N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4f0bab4b66bd34520d54710df167f490N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4f0bab4b66bd34520d54710df167f490N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\E:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\H:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\I:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\K:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\P:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\Q:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\A:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\B:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\L:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\V:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\G:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\M:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\N:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\U:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\X:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\Z:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\J:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\O:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\R:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\S:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\T:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\Y:	4f0bab4b66bd34520d54710df167f490N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\porn masturbation blondie .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese hardcore voyeur stockings .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\kicking nude licking young .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beastiality big .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\FxsTmp\african blowjob sperm big 40+ .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\hardcore licking shoes .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\horse beastiality hidden stockings .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish beastiality catfight legs sm .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian animal voyeur hole .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\asian nude full movie mistress .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\malaysia bukkake lesbian bedroom .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\System32\DriverStore\Temp\beast horse big cock (Sylvia).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\porn nude licking .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish lingerie lesbian hole .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian blowjob hidden nipples gorgeoushorny .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\brasilian handjob hot (!) stockings .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\norwegian fucking hot (!) feet shoes (Sylvia).avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american bukkake horse catfight (Sylvia).mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\russian horse girls girly .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lesbian trambling big hairy (Sarah).mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\french kicking uncut castration .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\asian lingerie big stockings (Curtney,Tatjana).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm blowjob [milf] pregnant .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gay hot (!) hotel .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Google\Update\Download\chinese gang bang [milf] cock castration .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black cum lesbian legs stockings .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\action hardcore masturbation ash boots (Anniston,Tatjana).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Common Files\microsoft shared\malaysia beast porn masturbation sm .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Google\Temp\canadian nude catfight .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\temp\french nude [bangbus] beautyfull .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\canadian nude horse voyeur ash .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\animal horse [bangbus] glans .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\xxx fucking [milf] swallow (Janette).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie hardcore public cock boots (Sonja).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SoftwareDistribution\Download\french cumshot animal several models hole .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\horse [free] lady .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\german lingerie masturbation blondie .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\action hidden mistress (Sonja,Ashley).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\british horse girls cock black hairunshaved (Liz,Ashley).avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\mssrv.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian horse girls bondage .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\kicking blowjob lesbian stockings (Janette).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\InputMethod\SHARED\nude beastiality [free] 50+ .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\cumshot fucking catfight cock sweet (Sonja,Jenna).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\bukkake lesbian vagina mistress .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\german animal hidden vagina .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian bukkake [milf] high heels .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\security\templates\german sperm [free] .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\beast cumshot licking shower (Britney,Gina).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\cum bukkake uncut feet latex .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\nude horse several models high heels .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\spanish sperm [bangbus] .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\tyrkish gang bang public feet (Jenna,Jade).avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\american gay uncut .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian fetish sperm several models latex (Tatjana).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\canadian lingerie girls high heels .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\chinese porn animal lesbian high heels (Melissa,Jenna).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\lingerie uncut cock .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\tyrkish handjob several models vagina ejaculation .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\hardcore full movie lady .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\bukkake horse big young .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\italian horse uncut (Ashley,Britney).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\trambling lesbian ash 40+ (Sylvia).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\african sperm [milf] .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\lesbian xxx hot (!) vagina .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\animal hidden .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\norwegian trambling masturbation boobs penetration (Janette,Tatjana).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\american trambling lesbian .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\bukkake gang bang several models high heels (Ashley,Sylvia).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\japanese horse lesbian lady .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\black xxx animal full movie bondage .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\action licking granny .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\lesbian kicking full movie .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\brasilian cum lesbian hot (!) sm .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian fetish action girls hotel .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\gay several models ejaculation (Tatjana,Liz).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\russian horse horse [bangbus] traffic .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\norwegian fucking hidden .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\action sleeping vagina (Tatjana,Ashley).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\norwegian cum hidden (Christine,Gina).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\japanese horse fetish voyeur YEâPSè& .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\trambling [bangbus] traffic .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\PLA\Templates\spanish fucking lesbian licking legs (Janette).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\chinese lingerie handjob several models feet 50+ .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\african gay horse [milf] nipples (Sylvia).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\italian cumshot trambling public lady .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\black gang bang horse full movie feet .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\spanish gang bang sperm full movie feet traffic .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse several models ash .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\CbsTemp\german blowjob [free] .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\action girls sm .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\sperm [free] boobs (Sonja,Samantha).mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\Downloaded Program Files\brasilian cum gay [milf] titts .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
1756	4f0bab4b66bd34520d54710df167f490N.exe
1756	4f0bab4b66bd34520d54710df167f490N.exe
2752	4f0bab4b66bd34520d54710df167f490N.exe
2752	4f0bab4b66bd34520d54710df167f490N.exe
1756	4f0bab4b66bd34520d54710df167f490N.exe
1756	4f0bab4b66bd34520d54710df167f490N.exe
1732	4f0bab4b66bd34520d54710df167f490N.exe
1732	4f0bab4b66bd34520d54710df167f490N.exe
1756	4f0bab4b66bd34520d54710df167f490N.exe
1756	4f0bab4b66bd34520d54710df167f490N.exe
3688	4f0bab4b66bd34520d54710df167f490N.exe
3688	4f0bab4b66bd34520d54710df167f490N.exe
2752	4f0bab4b66bd34520d54710df167f490N.exe
2752	4f0bab4b66bd34520d54710df167f490N.exe
1904	4f0bab4b66bd34520d54710df167f490N.exe
1904	4f0bab4b66bd34520d54710df167f490N.exe
1756	4f0bab4b66bd34520d54710df167f490N.exe
1756	4f0bab4b66bd34520d54710df167f490N.exe
4556	4f0bab4b66bd34520d54710df167f490N.exe
4556	4f0bab4b66bd34520d54710df167f490N.exe
1732	4f0bab4b66bd34520d54710df167f490N.exe
1732	4f0bab4b66bd34520d54710df167f490N.exe
2780	4f0bab4b66bd34520d54710df167f490N.exe
2780	4f0bab4b66bd34520d54710df167f490N.exe
752	4f0bab4b66bd34520d54710df167f490N.exe
752	4f0bab4b66bd34520d54710df167f490N.exe
2752	4f0bab4b66bd34520d54710df167f490N.exe
2752	4f0bab4b66bd34520d54710df167f490N.exe
3688	4f0bab4b66bd34520d54710df167f490N.exe
3688	4f0bab4b66bd34520d54710df167f490N.exe
4996	4f0bab4b66bd34520d54710df167f490N.exe
4996	4f0bab4b66bd34520d54710df167f490N.exe
3056	4f0bab4b66bd34520d54710df167f490N.exe
3056	4f0bab4b66bd34520d54710df167f490N.exe
1904	4f0bab4b66bd34520d54710df167f490N.exe
1904	4f0bab4b66bd34520d54710df167f490N.exe
1756	4f0bab4b66bd34520d54710df167f490N.exe
1756	4f0bab4b66bd34520d54710df167f490N.exe
3380	4f0bab4b66bd34520d54710df167f490N.exe
3380	4f0bab4b66bd34520d54710df167f490N.exe

Suspicious use of WriteProcessMemory 51 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2752	1756	4f0bab4b66bd34520d54710df167f490N.exe	86
PID 1756 wrote to memory of 2752	1756	4f0bab4b66bd34520d54710df167f490N.exe	86
PID 1756 wrote to memory of 2752	1756	4f0bab4b66bd34520d54710df167f490N.exe	86
PID 1756 wrote to memory of 1732	1756	4f0bab4b66bd34520d54710df167f490N.exe	89
PID 1756 wrote to memory of 1732	1756	4f0bab4b66bd34520d54710df167f490N.exe	89
PID 1756 wrote to memory of 1732	1756	4f0bab4b66bd34520d54710df167f490N.exe	89
PID 2752 wrote to memory of 3688	2752	4f0bab4b66bd34520d54710df167f490N.exe	90
PID 2752 wrote to memory of 3688	2752	4f0bab4b66bd34520d54710df167f490N.exe	90
PID 2752 wrote to memory of 3688	2752	4f0bab4b66bd34520d54710df167f490N.exe	90
PID 1756 wrote to memory of 1904	1756	4f0bab4b66bd34520d54710df167f490N.exe	93
PID 1756 wrote to memory of 1904	1756	4f0bab4b66bd34520d54710df167f490N.exe	93
PID 1756 wrote to memory of 1904	1756	4f0bab4b66bd34520d54710df167f490N.exe	93
PID 1732 wrote to memory of 4556	1732	4f0bab4b66bd34520d54710df167f490N.exe	94
PID 1732 wrote to memory of 4556	1732	4f0bab4b66bd34520d54710df167f490N.exe	94
PID 1732 wrote to memory of 4556	1732	4f0bab4b66bd34520d54710df167f490N.exe	94
PID 2752 wrote to memory of 2780	2752	4f0bab4b66bd34520d54710df167f490N.exe	95
PID 2752 wrote to memory of 2780	2752	4f0bab4b66bd34520d54710df167f490N.exe	95
PID 2752 wrote to memory of 2780	2752	4f0bab4b66bd34520d54710df167f490N.exe	95
PID 3688 wrote to memory of 752	3688	4f0bab4b66bd34520d54710df167f490N.exe	96
PID 3688 wrote to memory of 752	3688	4f0bab4b66bd34520d54710df167f490N.exe	96
PID 3688 wrote to memory of 752	3688	4f0bab4b66bd34520d54710df167f490N.exe	96
PID 1904 wrote to memory of 4996	1904	4f0bab4b66bd34520d54710df167f490N.exe	98
PID 1904 wrote to memory of 4996	1904	4f0bab4b66bd34520d54710df167f490N.exe	98
PID 1904 wrote to memory of 4996	1904	4f0bab4b66bd34520d54710df167f490N.exe	98
PID 1756 wrote to memory of 3056	1756	4f0bab4b66bd34520d54710df167f490N.exe	99
PID 1756 wrote to memory of 3056	1756	4f0bab4b66bd34520d54710df167f490N.exe	99
PID 1756 wrote to memory of 3056	1756	4f0bab4b66bd34520d54710df167f490N.exe	99
PID 1732 wrote to memory of 3380	1732	4f0bab4b66bd34520d54710df167f490N.exe	100
PID 1732 wrote to memory of 3380	1732	4f0bab4b66bd34520d54710df167f490N.exe	100
PID 1732 wrote to memory of 3380	1732	4f0bab4b66bd34520d54710df167f490N.exe	100
PID 2752 wrote to memory of 1072	2752	4f0bab4b66bd34520d54710df167f490N.exe	101
PID 2752 wrote to memory of 1072	2752	4f0bab4b66bd34520d54710df167f490N.exe	101
PID 2752 wrote to memory of 1072	2752	4f0bab4b66bd34520d54710df167f490N.exe	101
PID 3688 wrote to memory of 1728	3688	4f0bab4b66bd34520d54710df167f490N.exe	102
PID 3688 wrote to memory of 1728	3688	4f0bab4b66bd34520d54710df167f490N.exe	102
PID 3688 wrote to memory of 1728	3688	4f0bab4b66bd34520d54710df167f490N.exe	102
PID 4556 wrote to memory of 760	4556	4f0bab4b66bd34520d54710df167f490N.exe	103
PID 4556 wrote to memory of 760	4556	4f0bab4b66bd34520d54710df167f490N.exe	103
PID 4556 wrote to memory of 760	4556	4f0bab4b66bd34520d54710df167f490N.exe	103
PID 2780 wrote to memory of 4508	2780	4f0bab4b66bd34520d54710df167f490N.exe	104
PID 2780 wrote to memory of 4508	2780	4f0bab4b66bd34520d54710df167f490N.exe	104
PID 2780 wrote to memory of 4508	2780	4f0bab4b66bd34520d54710df167f490N.exe	104
PID 752 wrote to memory of 2480	752	4f0bab4b66bd34520d54710df167f490N.exe	105
PID 752 wrote to memory of 2480	752	4f0bab4b66bd34520d54710df167f490N.exe	105
PID 752 wrote to memory of 2480	752	4f0bab4b66bd34520d54710df167f490N.exe	105
PID 1904 wrote to memory of 4332	1904	4f0bab4b66bd34520d54710df167f490N.exe	106
PID 1904 wrote to memory of 4332	1904	4f0bab4b66bd34520d54710df167f490N.exe	106
PID 1904 wrote to memory of 4332	1904	4f0bab4b66bd34520d54710df167f490N.exe	106
PID 1756 wrote to memory of 3840	1756	4f0bab4b66bd34520d54710df167f490N.exe	107
PID 1756 wrote to memory of 3840	1756	4f0bab4b66bd34520d54710df167f490N.exe	107
PID 1756 wrote to memory of 3840	1756	4f0bab4b66bd34520d54710df167f490N.exe	107

C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
"C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:20996
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:19852
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:22568
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:21972
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:19372
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:21644
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20744
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:21360
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:19464
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:23212
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:20972
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21628
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:23032
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:21004
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:19900
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:21688
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:22560
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21352
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:19244
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20504
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21604
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:19236
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:20964
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:19708
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:20980
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21636
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20536
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20420
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21868
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:22544
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:21020
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20088
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:18392
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:21408
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:20000
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21620
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:18464
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:18472
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:19364
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:21664
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22284
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:14416
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:21588
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22536
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:14408
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5220
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:12956
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:18424
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:18812
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:12600
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:18056
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:20188
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:23108
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21292
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:18984
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21656
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:23040
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:19256
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:21012
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20460
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:22128
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:22624
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:21028
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:220
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:13472
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:19312
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:19320
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20528
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22616
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:18408
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20180
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4400
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:18992
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:17236
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20664
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:21400
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:13904
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:19700
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:21596
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3944
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:18416
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:20104
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:12616
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:17864
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:20032
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:18256
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21612
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20288
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20680
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20988
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20172
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20112
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:17840
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:18264
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20040
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:17832
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:18480
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:17228
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:18076
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:17036
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22552
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:21368
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:17496
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:11928
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:16768
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22664
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:18384
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20096
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:18400
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:20296
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:18068
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:20024
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:12608
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:17856
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:3840
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:19280
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:17248
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:16572
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:17416
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:12216
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:16832
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:5388
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:11564
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:22632
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:18784
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:12208
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:16824
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:6708
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:11272
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:16076
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:21900
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:8780
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:17488
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:11944
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:16736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black cum lesbian legs stockings .rar.exe

Filesize
1.6MB

MD5
c2b1e8f240816972dbabeae0a12e024d

SHA1
119983fed891a007576f5ee043736ff8361e56a0

SHA256
96b280ad58aaa8bc70c7086a103e4250face21d8ad00354ababcef99c0d9189a

SHA512
0cdb52bc54ea86cb1797c0a69d1f0000bf6b7ee92a4d772e3c3218fa16b3f914544a56edd71348846dd5f611b3911fe6dfedae5bb4ab31e004e475ef295e022b

Download Submit