d3cac43aa5f332d19dc8343c3a34a99c0c77c9d906a205a55227888833a2929c

Analysis

max time kernel
17s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c74a63ff44b69c63087ffd3a21821430N.exe
Size

560KB
MD5

c74a63ff44b69c63087ffd3a21821430
SHA1

adb04661e9249d1eb3773d3b1cf2adc45607222d
SHA256

d3cac43aa5f332d19dc8343c3a34a99c0c77c9d906a205a55227888833a2929c
SHA512

43e86c8e4e9fa78a4a6c56ce46ca56c1e784ab210863f7e69c27271c65088ccd9a8117ef2e8a700c4b7367f571637830bc03b91e726df6300f2bd8e872d210f2
SSDEEP

12288:dXCNi9BUKYmJ4uw9wB+XOSppHQjIs8DHpWaLLlTf8sKjqoo7Cx:oWUKYmJCyaTQgHp7xTf8RqMx

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c74a63ff44b69c63087ffd3a21821430N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	c74a63ff44b69c63087ffd3a21821430N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\R:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\W:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\H:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\J:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\M:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\O:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\P:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\X:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\I:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\K:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\L:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\Q:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\Y:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\Z:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\E:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\B:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\G:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\S:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\T:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\U:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\V:	c74a63ff44b69c63087ffd3a21821430N.exe
File opened (read-only)	\??\A:	c74a63ff44b69c63087ffd3a21821430N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\indian action hot (!) ash .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french cum cum [bangbus] (Karin).mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\hardcore blowjob [free] castration (Sarah,Ashley).avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\german action several models (Kathrin,Sylvia).avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gang bang full movie blondie .zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cum beastiality uncut boots .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american beast masturbation latex (Melissa,Anniston).avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie sleeping ash .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\german gang bang fetish hot (!) sweet .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\chinese lesbian [bangbus] nipples mature (Jenna,Christine).rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish horse [milf] .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore xxx public (Ashley,Tatjana).rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\cum full movie bondage .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian gay beast [milf] glans 40+ (Jade,Samantha).mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\italian lesbian voyeur traffic (Janette).mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish handjob girls .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gay uncut YEâPSè& .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\nude lesbian licking feet .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\beast kicking hot (!) (Sylvia).rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files (x86)\Google\Temp\asian animal cumshot hidden .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\action handjob full movie redhair .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files\dotnet\shared\swedish trambling beastiality uncut feet girly .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish kicking hot (!) 40+ .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian gay gay licking feet .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\asian porn fetish [milf] nipples pregnant .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files (x86)\Google\Update\Download\handjob sperm big 40+ .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files\Common Files\microsoft shared\swedish bukkake fetish girls .zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian nude [bangbus] 50+ (Jade).mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\black cum beastiality [bangbus] hotel (Melissa,Sonja).mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\british porn horse hidden glans sweet .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\danish beast fetish [milf] balls .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\american animal fetish uncut sweet .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\danish cum catfight latex .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\canadian cum voyeur penetration .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\canadian animal sleeping nipples .zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\cum public .zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\american horse hot (!) .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\chinese fetish gay sleeping (Sylvia,Melissa).mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\canadian gay licking .zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\norwegian fetish bukkake licking mistress .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\porn uncut traffic .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish kicking catfight .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\african beast catfight mature .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\brasilian lesbian animal [milf] ash swallow .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\trambling hidden cock lady (Jade,Ashley).avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\norwegian animal girls cock .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\african porn xxx voyeur cock .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\german lesbian hardcore big ash (Sandy).rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\german fetish hidden high heels (Christine,Anniston).zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\horse lesbian [bangbus] .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\norwegian fucking hot (!) (Sonja).mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\tyrkish fucking [milf] hairy .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\norwegian cumshot licking boots (Sarah,Britney).avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\nude masturbation .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\beast bukkake [free] bondage .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking gang bang lesbian (Tatjana,Samantha).avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\british horse xxx public .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\russian porn fucking hot (!) wifey (Britney,Sonja).zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\danish sperm big bondage .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\norwegian horse bukkake masturbation legs shower .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\japanese action big legs (Sonja).mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\malaysia horse [free] .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\assembly\temp\beast lingerie [milf] femdom .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\PLA\Templates\danish lesbian licking sm .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\lingerie beastiality hot (!) .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\norwegian nude nude big (Kathrin).mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\japanese porn beastiality full movie .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\french porn animal [free] young .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\brasilian horse lesbian boobs (Tatjana).mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\Downloaded Program Files\brasilian lesbian uncut (Samantha).zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\canadian gang bang masturbation (Sonja,Christine).mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\french lingerie catfight shoes .zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\swedish lesbian animal full movie .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian [milf] (Britney).zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian animal porn hot (!) granny (Janette,Jenna).mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\brasilian cum action uncut (Samantha).rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\CbsTemp\spanish cum nude several models shoes (Samantha,Samantha).mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish animal full movie ash .rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\horse lingerie [milf] young .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\spanish cumshot nude big mistress (Sonja,Sonja).mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\african lingerie porn sleeping YEâPSè& .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\action blowjob licking legs .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\fetish beastiality hot (!) ash fishy .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\nude lesbian ash .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\SoftwareDistribution\Download\kicking beastiality voyeur (Kathrin,Sarah).rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\gang bang voyeur latex .zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\russian blowjob porn several models .zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\danish hardcore lesbian circumcision .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\spanish xxx voyeur Ôï .avi.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\japanese action uncut (Melissa,Samantha).zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\german fucking kicking hot (!) fishy .mpeg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\japanese fetish masturbation stockings .mpg.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\kicking uncut cock femdom (Tatjana,Janette).rar.exe	c74a63ff44b69c63087ffd3a21821430N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\lesbian trambling uncut redhair (Jenna,Kathrin).zip.exe	c74a63ff44b69c63087ffd3a21821430N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c74a63ff44b69c63087ffd3a21821430N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1352	c74a63ff44b69c63087ffd3a21821430N.exe
1352	c74a63ff44b69c63087ffd3a21821430N.exe
1556	c74a63ff44b69c63087ffd3a21821430N.exe
1556	c74a63ff44b69c63087ffd3a21821430N.exe
1352	c74a63ff44b69c63087ffd3a21821430N.exe
1352	c74a63ff44b69c63087ffd3a21821430N.exe
4188	c74a63ff44b69c63087ffd3a21821430N.exe
4188	c74a63ff44b69c63087ffd3a21821430N.exe
1352	c74a63ff44b69c63087ffd3a21821430N.exe
1352	c74a63ff44b69c63087ffd3a21821430N.exe
4704	c74a63ff44b69c63087ffd3a21821430N.exe
4704	c74a63ff44b69c63087ffd3a21821430N.exe
1556	c74a63ff44b69c63087ffd3a21821430N.exe
1556	c74a63ff44b69c63087ffd3a21821430N.exe
5032	c74a63ff44b69c63087ffd3a21821430N.exe
5032	c74a63ff44b69c63087ffd3a21821430N.exe
2148	c74a63ff44b69c63087ffd3a21821430N.exe
2148	c74a63ff44b69c63087ffd3a21821430N.exe
1352	c74a63ff44b69c63087ffd3a21821430N.exe
1352	c74a63ff44b69c63087ffd3a21821430N.exe
876	c74a63ff44b69c63087ffd3a21821430N.exe
876	c74a63ff44b69c63087ffd3a21821430N.exe
1528	c74a63ff44b69c63087ffd3a21821430N.exe
1528	c74a63ff44b69c63087ffd3a21821430N.exe
4188	c74a63ff44b69c63087ffd3a21821430N.exe
4188	c74a63ff44b69c63087ffd3a21821430N.exe
1556	c74a63ff44b69c63087ffd3a21821430N.exe
1556	c74a63ff44b69c63087ffd3a21821430N.exe
4704	c74a63ff44b69c63087ffd3a21821430N.exe
4704	c74a63ff44b69c63087ffd3a21821430N.exe
2508	c74a63ff44b69c63087ffd3a21821430N.exe
2508	c74a63ff44b69c63087ffd3a21821430N.exe
3312	c74a63ff44b69c63087ffd3a21821430N.exe
3312	c74a63ff44b69c63087ffd3a21821430N.exe
4208	c74a63ff44b69c63087ffd3a21821430N.exe
4208	c74a63ff44b69c63087ffd3a21821430N.exe
5032	c74a63ff44b69c63087ffd3a21821430N.exe
5032	c74a63ff44b69c63087ffd3a21821430N.exe
1352	c74a63ff44b69c63087ffd3a21821430N.exe
1352	c74a63ff44b69c63087ffd3a21821430N.exe
4188	c74a63ff44b69c63087ffd3a21821430N.exe
4188	c74a63ff44b69c63087ffd3a21821430N.exe
32	c74a63ff44b69c63087ffd3a21821430N.exe
32	c74a63ff44b69c63087ffd3a21821430N.exe
4384	c74a63ff44b69c63087ffd3a21821430N.exe
4384	c74a63ff44b69c63087ffd3a21821430N.exe
4704	c74a63ff44b69c63087ffd3a21821430N.exe
4704	c74a63ff44b69c63087ffd3a21821430N.exe
2148	c74a63ff44b69c63087ffd3a21821430N.exe
2148	c74a63ff44b69c63087ffd3a21821430N.exe
1556	c74a63ff44b69c63087ffd3a21821430N.exe
1556	c74a63ff44b69c63087ffd3a21821430N.exe
1604	c74a63ff44b69c63087ffd3a21821430N.exe
1604	c74a63ff44b69c63087ffd3a21821430N.exe
3432	c74a63ff44b69c63087ffd3a21821430N.exe
3432	c74a63ff44b69c63087ffd3a21821430N.exe
1528	c74a63ff44b69c63087ffd3a21821430N.exe
1528	c74a63ff44b69c63087ffd3a21821430N.exe
876	c74a63ff44b69c63087ffd3a21821430N.exe
876	c74a63ff44b69c63087ffd3a21821430N.exe
2236	c74a63ff44b69c63087ffd3a21821430N.exe
2236	c74a63ff44b69c63087ffd3a21821430N.exe
5032	c74a63ff44b69c63087ffd3a21821430N.exe
5032	c74a63ff44b69c63087ffd3a21821430N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1556	1352	c74a63ff44b69c63087ffd3a21821430N.exe	84
PID 1352 wrote to memory of 1556	1352	c74a63ff44b69c63087ffd3a21821430N.exe	84
PID 1352 wrote to memory of 1556	1352	c74a63ff44b69c63087ffd3a21821430N.exe	84
PID 1352 wrote to memory of 4188	1352	c74a63ff44b69c63087ffd3a21821430N.exe	85
PID 1352 wrote to memory of 4188	1352	c74a63ff44b69c63087ffd3a21821430N.exe	85
PID 1352 wrote to memory of 4188	1352	c74a63ff44b69c63087ffd3a21821430N.exe	85
PID 1556 wrote to memory of 4704	1556	c74a63ff44b69c63087ffd3a21821430N.exe	86
PID 1556 wrote to memory of 4704	1556	c74a63ff44b69c63087ffd3a21821430N.exe	86
PID 1556 wrote to memory of 4704	1556	c74a63ff44b69c63087ffd3a21821430N.exe	86
PID 1352 wrote to memory of 5032	1352	c74a63ff44b69c63087ffd3a21821430N.exe	87
PID 1352 wrote to memory of 5032	1352	c74a63ff44b69c63087ffd3a21821430N.exe	87
PID 1352 wrote to memory of 5032	1352	c74a63ff44b69c63087ffd3a21821430N.exe	87
PID 4188 wrote to memory of 2148	4188	c74a63ff44b69c63087ffd3a21821430N.exe	88
PID 4188 wrote to memory of 2148	4188	c74a63ff44b69c63087ffd3a21821430N.exe	88
PID 4188 wrote to memory of 2148	4188	c74a63ff44b69c63087ffd3a21821430N.exe	88
PID 1556 wrote to memory of 876	1556	c74a63ff44b69c63087ffd3a21821430N.exe	89
PID 1556 wrote to memory of 876	1556	c74a63ff44b69c63087ffd3a21821430N.exe	89
PID 1556 wrote to memory of 876	1556	c74a63ff44b69c63087ffd3a21821430N.exe	89
PID 4704 wrote to memory of 1528	4704	c74a63ff44b69c63087ffd3a21821430N.exe	90
PID 4704 wrote to memory of 1528	4704	c74a63ff44b69c63087ffd3a21821430N.exe	90
PID 4704 wrote to memory of 1528	4704	c74a63ff44b69c63087ffd3a21821430N.exe	90
PID 5032 wrote to memory of 2508	5032	c74a63ff44b69c63087ffd3a21821430N.exe	91
PID 5032 wrote to memory of 2508	5032	c74a63ff44b69c63087ffd3a21821430N.exe	91
PID 5032 wrote to memory of 2508	5032	c74a63ff44b69c63087ffd3a21821430N.exe	91
PID 1352 wrote to memory of 3312	1352	c74a63ff44b69c63087ffd3a21821430N.exe	92
PID 1352 wrote to memory of 3312	1352	c74a63ff44b69c63087ffd3a21821430N.exe	92
PID 1352 wrote to memory of 3312	1352	c74a63ff44b69c63087ffd3a21821430N.exe	92
PID 4188 wrote to memory of 4208	4188	c74a63ff44b69c63087ffd3a21821430N.exe	93
PID 4188 wrote to memory of 4208	4188	c74a63ff44b69c63087ffd3a21821430N.exe	93
PID 4188 wrote to memory of 4208	4188	c74a63ff44b69c63087ffd3a21821430N.exe	93
PID 2148 wrote to memory of 32	2148	c74a63ff44b69c63087ffd3a21821430N.exe	94
PID 2148 wrote to memory of 32	2148	c74a63ff44b69c63087ffd3a21821430N.exe	94
PID 2148 wrote to memory of 32	2148	c74a63ff44b69c63087ffd3a21821430N.exe	94
PID 1556 wrote to memory of 3680	1556	c74a63ff44b69c63087ffd3a21821430N.exe	95
PID 1556 wrote to memory of 3680	1556	c74a63ff44b69c63087ffd3a21821430N.exe	95
PID 1556 wrote to memory of 3680	1556	c74a63ff44b69c63087ffd3a21821430N.exe	95
PID 4704 wrote to memory of 4384	4704	c74a63ff44b69c63087ffd3a21821430N.exe	96
PID 4704 wrote to memory of 4384	4704	c74a63ff44b69c63087ffd3a21821430N.exe	96
PID 4704 wrote to memory of 4384	4704	c74a63ff44b69c63087ffd3a21821430N.exe	96
PID 1528 wrote to memory of 1604	1528	c74a63ff44b69c63087ffd3a21821430N.exe	97
PID 1528 wrote to memory of 1604	1528	c74a63ff44b69c63087ffd3a21821430N.exe	97
PID 1528 wrote to memory of 1604	1528	c74a63ff44b69c63087ffd3a21821430N.exe	97
PID 876 wrote to memory of 3432	876	c74a63ff44b69c63087ffd3a21821430N.exe	98
PID 876 wrote to memory of 3432	876	c74a63ff44b69c63087ffd3a21821430N.exe	98
PID 876 wrote to memory of 3432	876	c74a63ff44b69c63087ffd3a21821430N.exe	98
PID 5032 wrote to memory of 2452	5032	c74a63ff44b69c63087ffd3a21821430N.exe	99
PID 5032 wrote to memory of 2452	5032	c74a63ff44b69c63087ffd3a21821430N.exe	99
PID 5032 wrote to memory of 2452	5032	c74a63ff44b69c63087ffd3a21821430N.exe	99
PID 1352 wrote to memory of 2236	1352	c74a63ff44b69c63087ffd3a21821430N.exe	100
PID 1352 wrote to memory of 2236	1352	c74a63ff44b69c63087ffd3a21821430N.exe	100
PID 1352 wrote to memory of 2236	1352	c74a63ff44b69c63087ffd3a21821430N.exe	100
PID 2508 wrote to memory of 1856	2508	c74a63ff44b69c63087ffd3a21821430N.exe	101
PID 2508 wrote to memory of 1856	2508	c74a63ff44b69c63087ffd3a21821430N.exe	101
PID 2508 wrote to memory of 1856	2508	c74a63ff44b69c63087ffd3a21821430N.exe	101
PID 4188 wrote to memory of 2536	4188	c74a63ff44b69c63087ffd3a21821430N.exe	102
PID 4188 wrote to memory of 2536	4188	c74a63ff44b69c63087ffd3a21821430N.exe	102
PID 4188 wrote to memory of 2536	4188	c74a63ff44b69c63087ffd3a21821430N.exe	102
PID 4704 wrote to memory of 2304	4704	c74a63ff44b69c63087ffd3a21821430N.exe	103
PID 4704 wrote to memory of 2304	4704	c74a63ff44b69c63087ffd3a21821430N.exe	103
PID 4704 wrote to memory of 2304	4704	c74a63ff44b69c63087ffd3a21821430N.exe	103
PID 2148 wrote to memory of 4340	2148	c74a63ff44b69c63087ffd3a21821430N.exe	104
PID 2148 wrote to memory of 4340	2148	c74a63ff44b69c63087ffd3a21821430N.exe	104
PID 2148 wrote to memory of 4340	2148	c74a63ff44b69c63087ffd3a21821430N.exe	104
PID 1556 wrote to memory of 1148	1556	c74a63ff44b69c63087ffd3a21821430N.exe	105

C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
"C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        8⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        8⤵
        
        PID:16468
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        8⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        8⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        8⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:15916
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16280
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:16136
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:4556
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:1104
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:10228
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:4572
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:16360
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:13540
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:16184
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:8720
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:12092
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:5092
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4188
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:32
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        7⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16976
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:17888
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:11936
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:16088
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:10732
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:408
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:11600
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:15936
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:16144
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:8756
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:12080
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:15896
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5032
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:740
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        6⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16256
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:3708
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:4588
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:2736
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:1708
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:8780
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:12388
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:16128
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3312
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:16320
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:2692
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:16216
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:8932
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:2784
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:208
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
        5⤵
        
        PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:16312
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:12800
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:10140
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:14004
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:16096
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  PID:4832
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
      "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
      4⤵
      PID:4820
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:9644
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:12576
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:16376
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  PID:6328
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:13340
- - C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
    3⤵
    PID:16240
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  PID:8740
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  PID:12180
- C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe
  "C:\Users\Admin\AppData\Local\Temp\c74a63ff44b69c63087ffd3a21821430N.exe"
  2⤵
  PID:1088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian nude [bangbus] 50+ (Jade).mpeg.exe

Filesize
1.3MB

MD5
18ee587fbb163911e67fcf248ae24645

SHA1
55e2b3fca7c2cc669b642ca330fc409908137d13

SHA256
4699dfa8c2275a8edfb6e7320442ba93135a76b308edd2948b11286d0e546a32

SHA512
123bd7c9c4ba5e500de483857b4a7affc4930311e9bc2d4eaf2fa0f48da7e054b5a6a860fdb81b32283651e8ebea4eb35ceaa863464f626ccb679b5b056c0018

Download Submit