ed9957ca779e0ee03af2f1b623fc4fb936e0225d167cb988931e60d98a55cf2f

Analysis

max time kernel
11s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45e2bb2427506cd7955fa0c6fa5f1790N.exe
Size

1.3MB
MD5

45e2bb2427506cd7955fa0c6fa5f1790
SHA1

de524fcbe3ea8aa669fcaa9218d08be658becb3f
SHA256

ed9957ca779e0ee03af2f1b623fc4fb936e0225d167cb988931e60d98a55cf2f
SHA512

f3dcb407e2c2fac97bf33a63a086683f251b5047089c871e6e00d2ef0e65d5f33e41745b469283beebabd7a5e862bd2aa69e5206665b652ab9198eebab3a337d
SSDEEP

24576:2wiwffga7QW+wZniqT5vkEKxHJMwsi+mvJSUXJn9qmzsVkgIuXi:hbffgaT+w8qF/YJMTxUdtQVkB

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000\Control Panel\International\Geo\Nation	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\J:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\N:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\X:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\Y:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\A:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\E:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\Q:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\U:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\S:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\T:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\K:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\L:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\I:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\M:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\O:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\P:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\R:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\V:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\B:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\G:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\W:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\Z:	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie gay sleeping fishy .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking fucking hidden feet fishy (Anniston,Sonja).mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian handjob full movie hairy (Liz).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fetish masturbation young .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\System32\DriverStore\Temp\black cumshot action [free] mature (Ashley,Sonja).mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish xxx kicking licking cock gorgeoushorny (Melissa).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\handjob horse big .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\african nude beastiality full movie (Sarah,Christine).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian handjob animal girls .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian gang bang cumshot [milf] (Sarah).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\action several models latex .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\chinese xxx girls bedroom (Christine,Jenna).mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\horse big .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob girls balls .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\cum fucking [milf] (Sarah,Gina).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese lesbian hot (!) .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\action hot (!) girly .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian hardcore catfight gorgeoushorny (Sarah,Janette).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian fucking public (Janette,Sylvia).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian xxx sleeping black hairunshaved .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\asian action hardcore public upskirt (Jenna).mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A0F.tmp\brasilian nude licking circumcision (Kathrin,Karin).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Common Files\microsoft shared\porn hidden .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\gang bang cumshot [bangbus] bondage .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\malaysia beastiality nude lesbian feet .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\dotnet\shared\cum bukkake public nipples traffic .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\porn girls granny .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\animal beast masturbation mistress (Sandy).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\african gang bang horse hidden bedroom .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Google\Temp\horse trambling hot (!) (Curtney).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\fucking beast public .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\british gang bang cumshot girls circumcision .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\beastiality action masturbation .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\norwegian sperm [milf] granny .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\lingerie horse masturbation .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\asian sperm bukkake licking traffic .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\xxx catfight cock balls .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian blowjob blowjob big hotel .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\french xxx horse voyeur sm (Sonja,Tatjana).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\gang bang gang bang several models .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\cumshot beast big .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian cumshot bukkake hidden vagina .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\animal girls lady .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\malaysia kicking kicking hidden .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\handjob trambling [milf] redhair .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\porn sperm masturbation .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse girls beautyfull (Karin).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\xxx [free] sm (Tatjana).mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\tyrkish animal blowjob several models nipples hairy (Karin,Christine).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\bukkake hardcore girls mature .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\indian action lesbian nipples beautyfull .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\african kicking gang bang [bangbus] cock 50+ .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\danish cumshot fucking licking .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\cum [free] (Tatjana,Sandy).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\spanish sperm catfight wifey .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\swedish nude several models nipples .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\indian cumshot girls penetration (Curtney).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\tmp\russian lesbian lesbian ejaculation .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\security\templates\beastiality public latex .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\beastiality girls .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\sperm hidden .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\american fetish beast [milf] .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\spanish cumshot licking traffic .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\asian gang bang bukkake [bangbus] pregnant .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\malaysia beast hidden ¼ë (Sandy).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\cum [bangbus] .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\danish blowjob hardcore sleeping mistress .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\CbsTemp\asian beastiality nude [milf] swallow (Tatjana,Jenna).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\indian porn hidden boobs balls .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\animal full movie .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\malaysia horse animal several models feet mistress (Liz).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\french hardcore bukkake lesbian .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\french sperm sperm catfight .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\PLA\Templates\cumshot kicking big femdom .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse masturbation black hairunshaved .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\norwegian kicking nude several models .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\african gay cum lesbian (Samantha).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\mssrv.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\kicking [milf] boobs hairy (Anniston).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\canadian xxx [milf] .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\malaysia nude fucking [free] .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\african porn lingerie lesbian feet femdom .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SoftwareDistribution\Download\indian fucking cumshot several models titts (Christine,Samantha).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\cumshot action uncut (Sonja,Sonja).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\brasilian lesbian lesbian sweet .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\cumshot [free] ash swallow .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\Downloaded Program Files\bukkake licking (Janette).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\InputMethod\SHARED\animal public penetration .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\gay handjob hot (!) feet high heels .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian nude nude catfight .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\trambling [milf] latex (Karin,Sandy).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\black blowjob sperm several models glans .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\german lingerie gang bang uncut traffic .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\nude action several models latex .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\french xxx sleeping glans gorgeoushorny .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1384	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1384	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4432	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4432	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2680	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2680	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4888	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4888	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2776	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2352	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2776	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2352	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4512	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4512	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2400	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4932	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4932	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe
3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1660	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1660	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1384	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1384	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4432	45e2bb2427506cd7955fa0c6fa5f1790N.exe
4432	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 3604	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	86
PID 3400 wrote to memory of 3604	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	86
PID 3400 wrote to memory of 3604	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	86
PID 3604 wrote to memory of 2296	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	87
PID 3604 wrote to memory of 2296	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	87
PID 3604 wrote to memory of 2296	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	87
PID 3400 wrote to memory of 3852	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	88
PID 3400 wrote to memory of 3852	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	88
PID 3400 wrote to memory of 3852	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	88
PID 3604 wrote to memory of 1384	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	89
PID 3604 wrote to memory of 1384	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	89
PID 3604 wrote to memory of 1384	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	89
PID 3400 wrote to memory of 4432	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	90
PID 3400 wrote to memory of 4432	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	90
PID 3400 wrote to memory of 4432	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	90
PID 2296 wrote to memory of 2680	2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe	91
PID 2296 wrote to memory of 2680	2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe	91
PID 2296 wrote to memory of 2680	2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe	91
PID 3852 wrote to memory of 4888	3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe	92
PID 3852 wrote to memory of 4888	3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe	92
PID 3852 wrote to memory of 4888	3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe	92
PID 3604 wrote to memory of 2352	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	93
PID 3604 wrote to memory of 2352	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	93
PID 3604 wrote to memory of 2352	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	93
PID 3400 wrote to memory of 2776	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	94
PID 3400 wrote to memory of 2776	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	94
PID 3400 wrote to memory of 2776	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	94
PID 2296 wrote to memory of 4512	2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe	95
PID 2296 wrote to memory of 4512	2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe	95
PID 2296 wrote to memory of 4512	2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe	95
PID 3852 wrote to memory of 2400	3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe	96
PID 3852 wrote to memory of 2400	3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe	96
PID 3852 wrote to memory of 2400	3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe	96
PID 1384 wrote to memory of 4932	1384	45e2bb2427506cd7955fa0c6fa5f1790N.exe	97
PID 1384 wrote to memory of 4932	1384	45e2bb2427506cd7955fa0c6fa5f1790N.exe	97
PID 1384 wrote to memory of 4932	1384	45e2bb2427506cd7955fa0c6fa5f1790N.exe	97
PID 4432 wrote to memory of 1660	4432	45e2bb2427506cd7955fa0c6fa5f1790N.exe	98
PID 4432 wrote to memory of 1660	4432	45e2bb2427506cd7955fa0c6fa5f1790N.exe	98
PID 4432 wrote to memory of 1660	4432	45e2bb2427506cd7955fa0c6fa5f1790N.exe	98
PID 2680 wrote to memory of 1932	2680	45e2bb2427506cd7955fa0c6fa5f1790N.exe	99
PID 2680 wrote to memory of 1932	2680	45e2bb2427506cd7955fa0c6fa5f1790N.exe	99
PID 2680 wrote to memory of 1932	2680	45e2bb2427506cd7955fa0c6fa5f1790N.exe	99
PID 4888 wrote to memory of 4088	4888	45e2bb2427506cd7955fa0c6fa5f1790N.exe	100
PID 4888 wrote to memory of 4088	4888	45e2bb2427506cd7955fa0c6fa5f1790N.exe	100
PID 4888 wrote to memory of 4088	4888	45e2bb2427506cd7955fa0c6fa5f1790N.exe	100
PID 2776 wrote to memory of 4564	2776	45e2bb2427506cd7955fa0c6fa5f1790N.exe	101
PID 2776 wrote to memory of 4564	2776	45e2bb2427506cd7955fa0c6fa5f1790N.exe	101
PID 2776 wrote to memory of 4564	2776	45e2bb2427506cd7955fa0c6fa5f1790N.exe	101
PID 3400 wrote to memory of 324	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	102
PID 3400 wrote to memory of 324	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	102
PID 3400 wrote to memory of 324	3400	45e2bb2427506cd7955fa0c6fa5f1790N.exe	102
PID 3604 wrote to memory of 1732	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	103
PID 3604 wrote to memory of 1732	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	103
PID 3604 wrote to memory of 1732	3604	45e2bb2427506cd7955fa0c6fa5f1790N.exe	103
PID 2352 wrote to memory of 5068	2352	45e2bb2427506cd7955fa0c6fa5f1790N.exe	104
PID 2352 wrote to memory of 5068	2352	45e2bb2427506cd7955fa0c6fa5f1790N.exe	104
PID 2352 wrote to memory of 5068	2352	45e2bb2427506cd7955fa0c6fa5f1790N.exe	104
PID 2296 wrote to memory of 2992	2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe	105
PID 2296 wrote to memory of 2992	2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe	105
PID 2296 wrote to memory of 2992	2296	45e2bb2427506cd7955fa0c6fa5f1790N.exe	105
PID 3852 wrote to memory of 4832	3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe	106
PID 3852 wrote to memory of 4832	3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe	106
PID 3852 wrote to memory of 4832	3852	45e2bb2427506cd7955fa0c6fa5f1790N.exe	106
PID 1384 wrote to memory of 4192	1384	45e2bb2427506cd7955fa0c6fa5f1790N.exe	107

C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
"C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3604
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:19452
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:17616
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:22220
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:18984
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:17092
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:22132
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:21444
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:19304
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:23516
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22416
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:13780
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:20212
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:20492
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:19540
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:18860
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:22212
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12656
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22228
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:20268
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22164
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14028
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:20704
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22240
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:19956
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:20908
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:19512
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22188
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21136
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:19076
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:18196
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:19060
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:17436
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:23764
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:19032
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:23676
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22124
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:19024
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:17140
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15432
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22480
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22148
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21060
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22116
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:23492
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:20460
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:18800
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:23448
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:21220
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:20720
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:19252
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:23772
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:23608
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:15612
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:21596
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14876
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:17492
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:19376
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:17892
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:13692
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:19784
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:22204
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:20360
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:17672
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:20476
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:12224
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:17608
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3852
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:20468
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:18204
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:22532
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22196
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:21128
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:19468
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:18380
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:22056
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:20352
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:20736
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:18992
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22620
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:23852
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:17148
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:22140
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:23708
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21932
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:22108
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:20712
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:22940
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:19952
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:17736
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:19400
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:12880
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:18808
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4432
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:19244
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:18816
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22612
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:23916
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:13136
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:19068
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:22172
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:3464
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:23508
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:16740
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:19524
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:1684
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:13564
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:19532
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:17556
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:18164
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:18824
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:18296
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:17176
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:11144
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:23908
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:15620
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:18188
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:11956
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:16960
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:23440
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:324
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:22180
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:20728
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:1912
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:19040
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:12072
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:17272
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:23668
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:17728
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:20452
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:13068
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:4884
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:6148
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:23700
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:15364
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:22156
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:8372
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:652
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:12048
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:17208
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:11168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian fucking public (Janette,Sylvia).mpg.exe

Filesize
1.5MB

MD5
055cb20be88887a9650115ae8e364f40

SHA1
bacf23919adb39dba6598e0d03396d884a9a3a40

SHA256
d8d26ecee6f7d491afb69d5b4ae3f9827044886b920d47f2e1b1545f138035c2

SHA512
4a143e01ca1bc717cdf03e91f07081a088d77daffe22173936b170212ba66758d69510122adc2a639e02479fb24498855f25ab245f969cc45e94bfb6a33652c8

Download Submit