86ebb7dca4de112d1051bbc63ecc9ecd56435fdecac641698864952a7291c763

Analysis

max time kernel
16s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

246684c07a49f8a3597143c556af5860N.exe
Size

1.2MB
MD5

246684c07a49f8a3597143c556af5860
SHA1

dcc6027cfa94786bb52f62f91d1af6832f459291
SHA256

86ebb7dca4de112d1051bbc63ecc9ecd56435fdecac641698864952a7291c763
SHA512

12132fc9971921ab538ba524855c0c4f57b6ac622f4b3ee4a0a9f6b767069e589bc35f4cfdd2e6f05c8155d375efdf809025c12f96ce37ebffdc09af1817ea4f
SSDEEP

24576:2wgNxqhxVRcAzv2GcMEx3cdtnY710iM1hDb6STUyEj0hcGfVcq/:hgNxqDVRcAzvPc9stnY7ivXDfUmcG9cG

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	246684c07a49f8a3597143c556af5860N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	246684c07a49f8a3597143c556af5860N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\U:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\W:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\X:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\E:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\O:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\P:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\S:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\N:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\Q:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\B:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\G:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\H:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\I:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\M:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\V:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\Y:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\Z:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\A:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\J:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\K:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\L:	246684c07a49f8a3597143c556af5860N.exe
File opened (read-only)	\??\R:	246684c07a49f8a3597143c556af5860N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse [bangbus] glans femdom .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\blowjob voyeur (Tatjana).mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lesbian [bangbus] (Tatjana).avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish kicking sperm masturbation titts .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie public (Karin).rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\System32\DriverStore\Temp\hardcore licking glans wifey (Samantha).rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\hardcore masturbation feet swallow .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian fetish beast [free] feet ejaculation (Samantha).zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian animal xxx masturbation mistress .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SysWOW64\FxsTmp\british xxx several models titts .avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fucking [free] shoes .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore lesbian swallow .rar.exe	246684c07a49f8a3597143c556af5860N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking hot (!) sweet .avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\indian animal bukkake catfight gorgeoushorny .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese handjob sperm hot (!) titts black hairunshaved .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian cum gay [free] girly .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\italian handjob lesbian girls cock gorgeoushorny (Sarah).avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\japanese fetish hardcore licking ash .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian porn lingerie voyeur hole .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\russian cumshot hardcore public hole 40+ (Sarah).zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian horse trambling big cock .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish cum xxx hidden hole (Gina,Sylvia).mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish action gay several models ejaculation .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm [free] titts bondage (Melissa).mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\trambling sleeping gorgeoushorny .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\indian fetish xxx uncut .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files (x86)\Google\Temp\black cumshot gay catfight high heels .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\Common Files\microsoft shared\bukkake catfight feet wifey .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\dotnet\shared\italian cumshot lesbian big upskirt .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\bukkake [milf] .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\tmp\italian animal blowjob hidden leather .avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\kicking trambling [free] cock (Sandy,Melissa).zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\british bukkake big boots .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\cum gay big hole black hairunshaved (Samantha).mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\african sperm public glans ash .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\norwegian bukkake sleeping ejaculation .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\InputMethod\SHARED\tyrkish handjob lingerie uncut balls .rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\french trambling full movie hole .avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\italian handjob beast several models cock (Anniston,Liz).avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\swedish handjob horse masturbation YEâPSè& .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\lingerie lesbian blondie (Anniston,Sylvia).avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\black kicking blowjob several models latex .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SoftwareDistribution\Download\russian action horse uncut wifey .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\danish fetish fucking full movie pregnant .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\xxx hidden titts fishy .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\swedish nude gay hot (!) boots .avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\black fetish bukkake big hole (Britney,Karin).avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\african horse licking penetration .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\american animal xxx lesbian traffic .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\xxx catfight cock hotel (Sylvia).rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\swedish nude trambling big titts .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\blowjob full movie feet boots .avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\handjob blowjob lesbian mature (Sandy,Sarah).mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\cum gay sleeping (Janette).mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\assembly\temp\blowjob hidden boots .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\indian cumshot horse [bangbus] .rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\gay uncut feet sweet .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\swedish handjob hardcore [bangbus] (Jade).mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\handjob sperm licking titts .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish nude beast licking cock .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\security\templates\indian gang bang trambling [milf] hole fishy .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\fetish fucking public gorgeoushorny .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\japanese gang bang lingerie [bangbus] young .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\malaysia horse [free] glans black hairunshaved (Sarah).zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\french fucking several models upskirt (Britney,Karin).mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx public 50+ .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese fucking [free] (Jade).avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\chinese hardcore masturbation castration .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\mssrv.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\CbsTemp\italian cum horse uncut high heels (Gina,Sarah).avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\lingerie big cock hairy (Jade).mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\asian trambling masturbation .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\PLA\Templates\danish action blowjob masturbation titts fishy (Melissa).mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\tyrkish beastiality bukkake [milf] hole fishy .rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\cum horse [bangbus] feet boots (Sylvia).zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\horse sperm lesbian titts .rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\french gay public (Karin).zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\african hardcore [free] pregnant (Anniston,Tatjana).rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\action bukkake licking (Melissa).rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\spanish blowjob full movie (Sylvia).avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\indian porn bukkake lesbian titts (Sonja,Janette).mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\brasilian fetish trambling masturbation cock shower (Sarah).mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\asian beast big cock .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish fetish lingerie [bangbus] feet .rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\asian xxx big .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\asian lingerie [free] titts girly .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\cumshot xxx lesbian .zip.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\brasilian animal lesbian public fishy .avi.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\horse big .rar.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\danish animal beast masturbation (Liz).mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\danish action lesbian several models circumcision .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\animal hardcore [bangbus] titts .mpg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\nude blowjob licking cock girly .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\danish cum xxx masturbation glans boots .mpeg.exe	246684c07a49f8a3597143c556af5860N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	246684c07a49f8a3597143c556af5860N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1608	246684c07a49f8a3597143c556af5860N.exe
1608	246684c07a49f8a3597143c556af5860N.exe
3032	246684c07a49f8a3597143c556af5860N.exe
3032	246684c07a49f8a3597143c556af5860N.exe
1608	246684c07a49f8a3597143c556af5860N.exe
1608	246684c07a49f8a3597143c556af5860N.exe
3536	246684c07a49f8a3597143c556af5860N.exe
3536	246684c07a49f8a3597143c556af5860N.exe
2588	246684c07a49f8a3597143c556af5860N.exe
2588	246684c07a49f8a3597143c556af5860N.exe
1608	246684c07a49f8a3597143c556af5860N.exe
1608	246684c07a49f8a3597143c556af5860N.exe
3032	246684c07a49f8a3597143c556af5860N.exe
3032	246684c07a49f8a3597143c556af5860N.exe
4400	246684c07a49f8a3597143c556af5860N.exe
4400	246684c07a49f8a3597143c556af5860N.exe
432	246684c07a49f8a3597143c556af5860N.exe
432	246684c07a49f8a3597143c556af5860N.exe
4280	246684c07a49f8a3597143c556af5860N.exe
4280	246684c07a49f8a3597143c556af5860N.exe
3032	246684c07a49f8a3597143c556af5860N.exe
3032	246684c07a49f8a3597143c556af5860N.exe
3536	246684c07a49f8a3597143c556af5860N.exe
3536	246684c07a49f8a3597143c556af5860N.exe
1608	246684c07a49f8a3597143c556af5860N.exe
1608	246684c07a49f8a3597143c556af5860N.exe
4948	246684c07a49f8a3597143c556af5860N.exe
4948	246684c07a49f8a3597143c556af5860N.exe
2588	246684c07a49f8a3597143c556af5860N.exe
2588	246684c07a49f8a3597143c556af5860N.exe
2760	246684c07a49f8a3597143c556af5860N.exe
2760	246684c07a49f8a3597143c556af5860N.exe
3104	246684c07a49f8a3597143c556af5860N.exe
3104	246684c07a49f8a3597143c556af5860N.exe
2360	246684c07a49f8a3597143c556af5860N.exe
2360	246684c07a49f8a3597143c556af5860N.exe
3536	246684c07a49f8a3597143c556af5860N.exe
3536	246684c07a49f8a3597143c556af5860N.exe
3032	246684c07a49f8a3597143c556af5860N.exe
3032	246684c07a49f8a3597143c556af5860N.exe
1608	246684c07a49f8a3597143c556af5860N.exe
1608	246684c07a49f8a3597143c556af5860N.exe
1520	246684c07a49f8a3597143c556af5860N.exe
1520	246684c07a49f8a3597143c556af5860N.exe
1252	246684c07a49f8a3597143c556af5860N.exe
1252	246684c07a49f8a3597143c556af5860N.exe
3004	246684c07a49f8a3597143c556af5860N.exe
3004	246684c07a49f8a3597143c556af5860N.exe
2588	246684c07a49f8a3597143c556af5860N.exe
2588	246684c07a49f8a3597143c556af5860N.exe
4400	246684c07a49f8a3597143c556af5860N.exe
4400	246684c07a49f8a3597143c556af5860N.exe
432	246684c07a49f8a3597143c556af5860N.exe
432	246684c07a49f8a3597143c556af5860N.exe
2420	246684c07a49f8a3597143c556af5860N.exe
2420	246684c07a49f8a3597143c556af5860N.exe
4280	246684c07a49f8a3597143c556af5860N.exe
4280	246684c07a49f8a3597143c556af5860N.exe
4868	246684c07a49f8a3597143c556af5860N.exe
4868	246684c07a49f8a3597143c556af5860N.exe
4948	246684c07a49f8a3597143c556af5860N.exe
4948	246684c07a49f8a3597143c556af5860N.exe
3528	246684c07a49f8a3597143c556af5860N.exe
3528	246684c07a49f8a3597143c556af5860N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 3032	1608	246684c07a49f8a3597143c556af5860N.exe	88
PID 1608 wrote to memory of 3032	1608	246684c07a49f8a3597143c556af5860N.exe	88
PID 1608 wrote to memory of 3032	1608	246684c07a49f8a3597143c556af5860N.exe	88
PID 1608 wrote to memory of 2588	1608	246684c07a49f8a3597143c556af5860N.exe	93
PID 1608 wrote to memory of 2588	1608	246684c07a49f8a3597143c556af5860N.exe	93
PID 1608 wrote to memory of 2588	1608	246684c07a49f8a3597143c556af5860N.exe	93
PID 3032 wrote to memory of 3536	3032	246684c07a49f8a3597143c556af5860N.exe	94
PID 3032 wrote to memory of 3536	3032	246684c07a49f8a3597143c556af5860N.exe	94
PID 3032 wrote to memory of 3536	3032	246684c07a49f8a3597143c556af5860N.exe	94
PID 3536 wrote to memory of 432	3536	246684c07a49f8a3597143c556af5860N.exe	95
PID 3536 wrote to memory of 432	3536	246684c07a49f8a3597143c556af5860N.exe	95
PID 3536 wrote to memory of 432	3536	246684c07a49f8a3597143c556af5860N.exe	95
PID 1608 wrote to memory of 4400	1608	246684c07a49f8a3597143c556af5860N.exe	96
PID 1608 wrote to memory of 4400	1608	246684c07a49f8a3597143c556af5860N.exe	96
PID 1608 wrote to memory of 4400	1608	246684c07a49f8a3597143c556af5860N.exe	96
PID 3032 wrote to memory of 4280	3032	246684c07a49f8a3597143c556af5860N.exe	97
PID 3032 wrote to memory of 4280	3032	246684c07a49f8a3597143c556af5860N.exe	97
PID 3032 wrote to memory of 4280	3032	246684c07a49f8a3597143c556af5860N.exe	97
PID 2588 wrote to memory of 4948	2588	246684c07a49f8a3597143c556af5860N.exe	98
PID 2588 wrote to memory of 4948	2588	246684c07a49f8a3597143c556af5860N.exe	98
PID 2588 wrote to memory of 4948	2588	246684c07a49f8a3597143c556af5860N.exe	98
PID 3536 wrote to memory of 2760	3536	246684c07a49f8a3597143c556af5860N.exe	100
PID 3536 wrote to memory of 2760	3536	246684c07a49f8a3597143c556af5860N.exe	100
PID 3536 wrote to memory of 2760	3536	246684c07a49f8a3597143c556af5860N.exe	100
PID 3032 wrote to memory of 3104	3032	246684c07a49f8a3597143c556af5860N.exe	101
PID 3032 wrote to memory of 3104	3032	246684c07a49f8a3597143c556af5860N.exe	101
PID 3032 wrote to memory of 3104	3032	246684c07a49f8a3597143c556af5860N.exe	101
PID 1608 wrote to memory of 2360	1608	246684c07a49f8a3597143c556af5860N.exe	102
PID 1608 wrote to memory of 2360	1608	246684c07a49f8a3597143c556af5860N.exe	102
PID 1608 wrote to memory of 2360	1608	246684c07a49f8a3597143c556af5860N.exe	102
PID 2588 wrote to memory of 3004	2588	246684c07a49f8a3597143c556af5860N.exe	105
PID 2588 wrote to memory of 3004	2588	246684c07a49f8a3597143c556af5860N.exe	105
PID 2588 wrote to memory of 3004	2588	246684c07a49f8a3597143c556af5860N.exe	105
PID 4400 wrote to memory of 1520	4400	246684c07a49f8a3597143c556af5860N.exe	103
PID 4400 wrote to memory of 1520	4400	246684c07a49f8a3597143c556af5860N.exe	103
PID 4400 wrote to memory of 1520	4400	246684c07a49f8a3597143c556af5860N.exe	103
PID 432 wrote to memory of 1252	432	246684c07a49f8a3597143c556af5860N.exe	104
PID 432 wrote to memory of 1252	432	246684c07a49f8a3597143c556af5860N.exe	104
PID 432 wrote to memory of 1252	432	246684c07a49f8a3597143c556af5860N.exe	104
PID 4280 wrote to memory of 2420	4280	246684c07a49f8a3597143c556af5860N.exe	106
PID 4280 wrote to memory of 2420	4280	246684c07a49f8a3597143c556af5860N.exe	106
PID 4280 wrote to memory of 2420	4280	246684c07a49f8a3597143c556af5860N.exe	106
PID 4948 wrote to memory of 4868	4948	246684c07a49f8a3597143c556af5860N.exe	107
PID 4948 wrote to memory of 4868	4948	246684c07a49f8a3597143c556af5860N.exe	107
PID 4948 wrote to memory of 4868	4948	246684c07a49f8a3597143c556af5860N.exe	107
PID 3536 wrote to memory of 1928	3536	246684c07a49f8a3597143c556af5860N.exe	111
PID 3536 wrote to memory of 1928	3536	246684c07a49f8a3597143c556af5860N.exe	111
PID 3536 wrote to memory of 1928	3536	246684c07a49f8a3597143c556af5860N.exe	111
PID 1608 wrote to memory of 1856	1608	246684c07a49f8a3597143c556af5860N.exe	112
PID 1608 wrote to memory of 1856	1608	246684c07a49f8a3597143c556af5860N.exe	112
PID 1608 wrote to memory of 1856	1608	246684c07a49f8a3597143c556af5860N.exe	112
PID 3032 wrote to memory of 3528	3032	246684c07a49f8a3597143c556af5860N.exe	110
PID 3032 wrote to memory of 3528	3032	246684c07a49f8a3597143c556af5860N.exe	110
PID 3032 wrote to memory of 3528	3032	246684c07a49f8a3597143c556af5860N.exe	110
PID 2760 wrote to memory of 1932	2760	246684c07a49f8a3597143c556af5860N.exe	113
PID 2760 wrote to memory of 1932	2760	246684c07a49f8a3597143c556af5860N.exe	113
PID 2760 wrote to memory of 1932	2760	246684c07a49f8a3597143c556af5860N.exe	113
PID 432 wrote to memory of 4360	432	246684c07a49f8a3597143c556af5860N.exe	115
PID 432 wrote to memory of 4360	432	246684c07a49f8a3597143c556af5860N.exe	115
PID 432 wrote to memory of 4360	432	246684c07a49f8a3597143c556af5860N.exe	115
PID 4400 wrote to memory of 3596	4400	246684c07a49f8a3597143c556af5860N.exe	116
PID 4400 wrote to memory of 3596	4400	246684c07a49f8a3597143c556af5860N.exe	116
PID 4400 wrote to memory of 3596	4400	246684c07a49f8a3597143c556af5860N.exe	116
PID 2588 wrote to memory of 1688	2588	246684c07a49f8a3597143c556af5860N.exe	114

C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
"C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:432
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        9⤵
        
        PID:22564
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:19108
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:20608
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:19420
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:19444
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:20860
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:14340
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19196
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:22432
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:18204
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:20828
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:19436
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18140
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:22488
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19016
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:21088
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:20876
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:19124
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:18944
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:22440
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18196
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:20812
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:22472
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:24700
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:21204
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19364
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:22556
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19188
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18996
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:21104
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:22136
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:22464
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:18780
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:464
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17640
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:20796
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:17544
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:20908
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:20692
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:19696
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:21112
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19396
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19156
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19356
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:18804
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:21120
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19388
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18968
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19404
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17536
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:24716
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19624
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:22480
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:17440
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:20900
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18936
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:20852
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:24708
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:18904
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:22456
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13576
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:18820
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:22448
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:20700
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19316
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13484
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:18420
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:23072
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:18796
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:17632
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:25476
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:17496
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:19428
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:14356
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:19240
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        8⤵
        
        PID:21056
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:20836
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:19172
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:22092
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18148
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:20960
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:20944
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:20884
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:21072
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18952
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:21036
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:20932
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:18812
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:20804
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19268
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19224
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:22548
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:18172
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:21064
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:20616
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:21136
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:21128
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:18888
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19180
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:20920
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:18928
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:18908
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19140
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19308
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:18188
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:22108
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:17664
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:17464
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:20928
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:14364
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:19100
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4400
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        7⤵
        
        PID:20892
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:18892
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:20968
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19324
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17516
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:22084
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19260
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17488
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:25468
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13952
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:19164
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:22688
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19204
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19212
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19276
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13444
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:18156
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19348
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:11652
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:17564
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:11760
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13264
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:18360
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:21080
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:13568
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:19132
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:60
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        6⤵
        
        PID:19412
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19232
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:20820
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19340
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:17508
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19116
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:20952
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:17656
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:18920
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:21096
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:14388
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:19148
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  PID:1856
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
        5⤵
        
        PID:19332
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:13528
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:18772
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:3772
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:19452
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:13428
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:18132
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  PID:5376
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:19380
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
      "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
      4⤵
      PID:25048
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:2252
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:17608
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  PID:6536
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:11596
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:13348
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:17472
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  PID:8784
- - C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
    "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
    3⤵
    PID:20868
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  PID:14372
- C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe
  "C:\Users\Admin\AppData\Local\Temp\246684c07a49f8a3597143c556af5860N.exe"
  2⤵
  PID:18000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian porn lingerie voyeur hole .zip.exe

Filesize
89KB

MD5
7a7b6b259c6c36aff4ef1dd092d8a1ec

SHA1
cdc5d6c173dd11d6e929fcfc0ae1a3858c78e6d6

SHA256
869074446d920a7cdb041e958caf97482224a17c1e3f02efb750f17e247b6d13

SHA512
ee6eefdc79fcfddde4a8e67667d98fc669431d72e1069cb06fb7ee794c764517476b1318044104f05caab0beb3c0d140495cea58ab5422b52694e4e1d04e8dea

Download Submit
C:\debug.txt

Filesize
146B

MD5
719b4af90addb0149e891370847ad7aa

SHA1
1507ab50f28fddc3baf197cc376709810073691f

SHA256
7ad3ccf9b2f02eb026bf814247683551013f6337efe7f020eb051357cc85326c

SHA512
4d92b07d13eaca2f154446088886f7159810f194f385041209890754587f76204c60db868c3625c4ea3f186e945636b7e648a91aa30cd865b96ab0dcf7139bef

Download Submit