ec68def19c4646e96030d658ffafb28b3e48b947e8a67b266ad51b54109cb1a8

Analysis

max time kernel
16s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9cc9594972921e2f55b915df875bbc30N.exe
Size

362KB
MD5

9cc9594972921e2f55b915df875bbc30
SHA1

1cb13e7a7a21d80105a8f8453c2d5dc1e1f1c2e7
SHA256

ec68def19c4646e96030d658ffafb28b3e48b947e8a67b266ad51b54109cb1a8
SHA512

1dbdb2c6ed8c36fa843674c783b41c1105ca2d8d1bdadc6b8cdfb645b35c70ce29b5e8e778cf5953d23601eabe9fe7f1e2a24cf5a69f05a6174880cc4ae9598a
SSDEEP

6144:oGHGRpO9p1om9+xs3NBB3i7T0KypIAS9atSHfeinci24n7DV:oGHasii9Bs/6TSatSHfeinLVn/V

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	9cc9594972921e2f55b915df875bbc30N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9cc9594972921e2f55b915df875bbc30N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\K:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\Q:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\B:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\M:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\P:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\X:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\I:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\N:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\O:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\T:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\U:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\W:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\Y:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\Z:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\E:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\H:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\J:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\L:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\R:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\S:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\V:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\A:	9cc9594972921e2f55b915df875bbc30N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish trambling girls .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\asian kicking catfight .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish bukkake big .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\french fucking masturbation (Anniston).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\german handjob gang bang catfight shoes .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\trambling voyeur (Gina,Christine).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\FxsTmp\norwegian animal cumshot full movie .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\american sperm masturbation .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese nude gang bang lesbian .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian hardcore beastiality lesbian 50+ (Jade).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\System32\DriverStore\Temp\xxx gang bang uncut (Sonja,Jade).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french trambling masturbation upskirt (Sonja).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\asian sperm public .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\trambling sleeping lady .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\asian beastiality sleeping hole bedroom .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german gang bang voyeur young (Sandy).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cumshot uncut (Melissa,Ashley).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Common Files\microsoft shared\kicking nude [milf] .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian beastiality action voyeur glans ash (Janette).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\xxx girls .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\russian gay lesbian glans black hairunshaved (Sarah,Curtney).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\black kicking voyeur upskirt .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse several models .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese cumshot beastiality licking shower .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\chinese cum [free] shoes (Gina,Sylvia).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\dotnet\shared\swedish action [free] vagina .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\handjob kicking public titts (Sonja).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish porn gay full movie .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Google\Update\Download\gang bang sleeping mistress .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\italian trambling sleeping redhair .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\animal catfight (Sarah,Christine).rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\horse [milf] nipples ash .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\beastiality animal catfight fishy .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\danish horse xxx sleeping .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\spanish cum cumshot public vagina latex (Sarah,Jenna).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\bukkake girls .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\malaysia beast public blondie .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish lingerie horse public .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\canadian beast trambling uncut nipples high heels .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\italian hardcore horse lesbian (Sandy,Kathrin).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\american cumshot [milf] high heels .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\kicking action lesbian femdom .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian animal action voyeur feet bedroom .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish handjob fetish public cock sm .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\indian fetish xxx lesbian cock .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\chinese trambling big ash (Melissa,Christine).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\blowjob kicking hot (!) (Sarah,Sonja).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\Downloaded Program Files\brasilian hardcore catfight girly (Ashley).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\hardcore cum full movie boobs 50+ .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\chinese beast beast full movie wifey (Sylvia).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\fucking animal sleeping .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\german sperm sleeping .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\hardcore masturbation bondage (Tatjana).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\canadian beastiality bukkake several models bedroom (Sonja).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\fucking cumshot [free] feet sm (Sonja,Melissa).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\spanish horse gay [bangbus] (Melissa,Samantha).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\malaysia gang bang horse [bangbus] boots .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\asian horse hidden ash blondie .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\beast [bangbus] hole swallow (Samantha).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\indian cum girls feet castration .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\fucking lesbian .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\african blowjob girls shower (Melissa,Kathrin).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\swedish gang bang uncut .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\canadian horse kicking girls Ôï (Sylvia,Curtney).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\norwegian gang bang fucking hot (!) vagina upskirt (Britney).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\british trambling [milf] shower .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\horse masturbation penetration (Janette).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian beastiality girls ejaculation .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\tyrkish horse action girls redhair (Janette).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\CbsTemp\spanish animal fucking hidden feet .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\african hardcore handjob girls fishy .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\gay licking shoes .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\swedish cum animal voyeur boobs .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\tyrkish bukkake blowjob [free] shower .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\temp\fucking catfight shower .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\tyrkish horse beast hot (!) nipples .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\PLA\Templates\hardcore [milf] balls (Jade,Sylvia).rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\german gay sperm hot (!) hole traffic .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\asian fucking lingerie lesbian (Kathrin).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\nude masturbation (Christine,Sonja).rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\german horse bukkake sleeping titts .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\action several models stockings (Britney).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\mssrv.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\blowjob horse lesbian (Gina,Jade).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\italian lingerie masturbation mature .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\german cumshot lingerie public vagina boots .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\InputMethod\SHARED\asian blowjob action uncut circumcision .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\black trambling lesbian masturbation redhair .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\canadian horse licking .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\british sperm hidden .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\security\templates\black beast horse licking sm .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\malaysia cumshot [bangbus] cock .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\russian horse lesbian cock (Jade).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 31 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5056	9cc9594972921e2f55b915df875bbc30N.exe
5056	9cc9594972921e2f55b915df875bbc30N.exe
2244	9cc9594972921e2f55b915df875bbc30N.exe
2244	9cc9594972921e2f55b915df875bbc30N.exe
5056	9cc9594972921e2f55b915df875bbc30N.exe
5056	9cc9594972921e2f55b915df875bbc30N.exe
536	9cc9594972921e2f55b915df875bbc30N.exe
536	9cc9594972921e2f55b915df875bbc30N.exe
2724	9cc9594972921e2f55b915df875bbc30N.exe
2724	9cc9594972921e2f55b915df875bbc30N.exe
5056	9cc9594972921e2f55b915df875bbc30N.exe
5056	9cc9594972921e2f55b915df875bbc30N.exe
2244	9cc9594972921e2f55b915df875bbc30N.exe
2244	9cc9594972921e2f55b915df875bbc30N.exe
4948	9cc9594972921e2f55b915df875bbc30N.exe
4948	9cc9594972921e2f55b915df875bbc30N.exe
3552	9cc9594972921e2f55b915df875bbc30N.exe
3552	9cc9594972921e2f55b915df875bbc30N.exe
5056	9cc9594972921e2f55b915df875bbc30N.exe
5056	9cc9594972921e2f55b915df875bbc30N.exe
3044	9cc9594972921e2f55b915df875bbc30N.exe
3044	9cc9594972921e2f55b915df875bbc30N.exe
2244	9cc9594972921e2f55b915df875bbc30N.exe
2244	9cc9594972921e2f55b915df875bbc30N.exe
64	9cc9594972921e2f55b915df875bbc30N.exe
64	9cc9594972921e2f55b915df875bbc30N.exe
536	9cc9594972921e2f55b915df875bbc30N.exe
536	9cc9594972921e2f55b915df875bbc30N.exe
2724	9cc9594972921e2f55b915df875bbc30N.exe
2724	9cc9594972921e2f55b915df875bbc30N.exe
2452	9cc9594972921e2f55b915df875bbc30N.exe
2452	9cc9594972921e2f55b915df875bbc30N.exe
3540	9cc9594972921e2f55b915df875bbc30N.exe
3540	9cc9594972921e2f55b915df875bbc30N.exe
4948	9cc9594972921e2f55b915df875bbc30N.exe
4948	9cc9594972921e2f55b915df875bbc30N.exe
5056	9cc9594972921e2f55b915df875bbc30N.exe
5056	9cc9594972921e2f55b915df875bbc30N.exe
992	9cc9594972921e2f55b915df875bbc30N.exe
992	9cc9594972921e2f55b915df875bbc30N.exe
1504	9cc9594972921e2f55b915df875bbc30N.exe
1504	9cc9594972921e2f55b915df875bbc30N.exe
3276	9cc9594972921e2f55b915df875bbc30N.exe
3276	9cc9594972921e2f55b915df875bbc30N.exe
2244	9cc9594972921e2f55b915df875bbc30N.exe
2244	9cc9594972921e2f55b915df875bbc30N.exe
536	9cc9594972921e2f55b915df875bbc30N.exe
536	9cc9594972921e2f55b915df875bbc30N.exe
2724	9cc9594972921e2f55b915df875bbc30N.exe
2724	9cc9594972921e2f55b915df875bbc30N.exe
2172	9cc9594972921e2f55b915df875bbc30N.exe
2172	9cc9594972921e2f55b915df875bbc30N.exe
2672	9cc9594972921e2f55b915df875bbc30N.exe
2672	9cc9594972921e2f55b915df875bbc30N.exe
3044	9cc9594972921e2f55b915df875bbc30N.exe
3044	9cc9594972921e2f55b915df875bbc30N.exe
3552	9cc9594972921e2f55b915df875bbc30N.exe
3552	9cc9594972921e2f55b915df875bbc30N.exe
892	9cc9594972921e2f55b915df875bbc30N.exe
892	9cc9594972921e2f55b915df875bbc30N.exe
64	9cc9594972921e2f55b915df875bbc30N.exe
64	9cc9594972921e2f55b915df875bbc30N.exe
904	9cc9594972921e2f55b915df875bbc30N.exe
904	9cc9594972921e2f55b915df875bbc30N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 2244	5056	9cc9594972921e2f55b915df875bbc30N.exe	87
PID 5056 wrote to memory of 2244	5056	9cc9594972921e2f55b915df875bbc30N.exe	87
PID 5056 wrote to memory of 2244	5056	9cc9594972921e2f55b915df875bbc30N.exe	87
PID 5056 wrote to memory of 536	5056	9cc9594972921e2f55b915df875bbc30N.exe	92
PID 5056 wrote to memory of 536	5056	9cc9594972921e2f55b915df875bbc30N.exe	92
PID 5056 wrote to memory of 536	5056	9cc9594972921e2f55b915df875bbc30N.exe	92
PID 2244 wrote to memory of 2724	2244	9cc9594972921e2f55b915df875bbc30N.exe	93
PID 2244 wrote to memory of 2724	2244	9cc9594972921e2f55b915df875bbc30N.exe	93
PID 2244 wrote to memory of 2724	2244	9cc9594972921e2f55b915df875bbc30N.exe	93
PID 5056 wrote to memory of 4948	5056	9cc9594972921e2f55b915df875bbc30N.exe	94
PID 5056 wrote to memory of 4948	5056	9cc9594972921e2f55b915df875bbc30N.exe	94
PID 5056 wrote to memory of 4948	5056	9cc9594972921e2f55b915df875bbc30N.exe	94
PID 2244 wrote to memory of 3552	2244	9cc9594972921e2f55b915df875bbc30N.exe	95
PID 2244 wrote to memory of 3552	2244	9cc9594972921e2f55b915df875bbc30N.exe	95
PID 2244 wrote to memory of 3552	2244	9cc9594972921e2f55b915df875bbc30N.exe	95
PID 536 wrote to memory of 3044	536	9cc9594972921e2f55b915df875bbc30N.exe	96
PID 536 wrote to memory of 3044	536	9cc9594972921e2f55b915df875bbc30N.exe	96
PID 536 wrote to memory of 3044	536	9cc9594972921e2f55b915df875bbc30N.exe	96
PID 2724 wrote to memory of 64	2724	9cc9594972921e2f55b915df875bbc30N.exe	97
PID 2724 wrote to memory of 64	2724	9cc9594972921e2f55b915df875bbc30N.exe	97
PID 2724 wrote to memory of 64	2724	9cc9594972921e2f55b915df875bbc30N.exe	97
PID 4948 wrote to memory of 2452	4948	9cc9594972921e2f55b915df875bbc30N.exe	99
PID 4948 wrote to memory of 2452	4948	9cc9594972921e2f55b915df875bbc30N.exe	99
PID 4948 wrote to memory of 2452	4948	9cc9594972921e2f55b915df875bbc30N.exe	99
PID 5056 wrote to memory of 3540	5056	9cc9594972921e2f55b915df875bbc30N.exe	100
PID 5056 wrote to memory of 3540	5056	9cc9594972921e2f55b915df875bbc30N.exe	100
PID 5056 wrote to memory of 3540	5056	9cc9594972921e2f55b915df875bbc30N.exe	100
PID 2244 wrote to memory of 992	2244	9cc9594972921e2f55b915df875bbc30N.exe	101
PID 2244 wrote to memory of 992	2244	9cc9594972921e2f55b915df875bbc30N.exe	101
PID 2244 wrote to memory of 992	2244	9cc9594972921e2f55b915df875bbc30N.exe	101
PID 536 wrote to memory of 1504	536	9cc9594972921e2f55b915df875bbc30N.exe	102
PID 536 wrote to memory of 1504	536	9cc9594972921e2f55b915df875bbc30N.exe	102
PID 536 wrote to memory of 1504	536	9cc9594972921e2f55b915df875bbc30N.exe	102
PID 2724 wrote to memory of 3276	2724	9cc9594972921e2f55b915df875bbc30N.exe	103
PID 2724 wrote to memory of 3276	2724	9cc9594972921e2f55b915df875bbc30N.exe	103
PID 2724 wrote to memory of 3276	2724	9cc9594972921e2f55b915df875bbc30N.exe	103
PID 3044 wrote to memory of 2172	3044	9cc9594972921e2f55b915df875bbc30N.exe	104
PID 3044 wrote to memory of 2172	3044	9cc9594972921e2f55b915df875bbc30N.exe	104
PID 3044 wrote to memory of 2172	3044	9cc9594972921e2f55b915df875bbc30N.exe	104
PID 3552 wrote to memory of 2672	3552	9cc9594972921e2f55b915df875bbc30N.exe	105
PID 3552 wrote to memory of 2672	3552	9cc9594972921e2f55b915df875bbc30N.exe	105
PID 3552 wrote to memory of 2672	3552	9cc9594972921e2f55b915df875bbc30N.exe	105
PID 64 wrote to memory of 892	64	9cc9594972921e2f55b915df875bbc30N.exe	106
PID 64 wrote to memory of 892	64	9cc9594972921e2f55b915df875bbc30N.exe	106
PID 64 wrote to memory of 892	64	9cc9594972921e2f55b915df875bbc30N.exe	106
PID 4948 wrote to memory of 904	4948	9cc9594972921e2f55b915df875bbc30N.exe	109
PID 4948 wrote to memory of 904	4948	9cc9594972921e2f55b915df875bbc30N.exe	109
PID 4948 wrote to memory of 904	4948	9cc9594972921e2f55b915df875bbc30N.exe	109
PID 2452 wrote to memory of 2236	2452	9cc9594972921e2f55b915df875bbc30N.exe	110
PID 2452 wrote to memory of 2236	2452	9cc9594972921e2f55b915df875bbc30N.exe	110
PID 2452 wrote to memory of 2236	2452	9cc9594972921e2f55b915df875bbc30N.exe	110
PID 5056 wrote to memory of 4688	5056	9cc9594972921e2f55b915df875bbc30N.exe	111
PID 5056 wrote to memory of 4688	5056	9cc9594972921e2f55b915df875bbc30N.exe	111
PID 5056 wrote to memory of 4688	5056	9cc9594972921e2f55b915df875bbc30N.exe	111
PID 2724 wrote to memory of 2272	2724	9cc9594972921e2f55b915df875bbc30N.exe	112
PID 2724 wrote to memory of 2272	2724	9cc9594972921e2f55b915df875bbc30N.exe	112
PID 2724 wrote to memory of 2272	2724	9cc9594972921e2f55b915df875bbc30N.exe	112
PID 2244 wrote to memory of 4192	2244	9cc9594972921e2f55b915df875bbc30N.exe	113
PID 2244 wrote to memory of 4192	2244	9cc9594972921e2f55b915df875bbc30N.exe	113
PID 2244 wrote to memory of 4192	2244	9cc9594972921e2f55b915df875bbc30N.exe	113
PID 536 wrote to memory of 2420	536	9cc9594972921e2f55b915df875bbc30N.exe	114
PID 536 wrote to memory of 2420	536	9cc9594972921e2f55b915df875bbc30N.exe	114
PID 536 wrote to memory of 2420	536	9cc9594972921e2f55b915df875bbc30N.exe	114
PID 3552 wrote to memory of 2676	3552	9cc9594972921e2f55b915df875bbc30N.exe	115

C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
"C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:64
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:20980
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:21520
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:20836
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:22020
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21800
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:19368
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:20792
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16788
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20932
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21544
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18924
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21320
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21004
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21364
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18964
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:22052
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21352
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21304
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21272
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21328
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21716
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21792
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20900
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21536
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20868
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21496
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:21092
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:20884
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:22008
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21768
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21020
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21988
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20876
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21084
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20804
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16804
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21312
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20892
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21280
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17084
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5496
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:992
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20924
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21392
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20844
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16708
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20852
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:19444
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:22000
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5660
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16724
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20860
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21552
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:14696
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:21028
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21408
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11924
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:21296
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:21044
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:9056
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:12508
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:17116
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:5612
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21052
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21528
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20828
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:20988
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21336
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:19572
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:19336
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20940
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:18264
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21784
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21012
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:19328
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:21288
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21076
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21776
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20916
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21384
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21060
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20972
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:1308
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:19544
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:22036
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:19032
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:21100
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:9352
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:12704
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:17068
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:5700
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4948
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16828
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20956
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21480
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20948
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21812
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21036
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:21484
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:904
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21512
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4156
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4240
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:21068
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:9072
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:12640
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:17076
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:21344
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:18836
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:22044
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21416
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5680
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21400
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:21424
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:8888
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:12332
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:17140
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:21264
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:4688
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:14320
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:20908
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17580
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:10772
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:14644
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:16692
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:20996
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:5376
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17592
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:10964
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:18880
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:22028
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:6764
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:13268
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:16844
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:20964
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:9060
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:12860
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:19304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian beastiality action voyeur glans ash (Janette).mpg.exe

Filesize
1.4MB

MD5
011e6d707124ec12ae473bb1e879dff9

SHA1
7d65b55fa8b6fb69da29a2441e3cd155691324b1

SHA256
6dd5a82ac163162ef6860774b4eb3c4b5446f7340b7b822d4485238d70ffe0d4

SHA512
5cf26af93251029d36baed8c5369b7a933d0f509b7804e3bbea80d28abc4e9497b21ed46ef8879faf0b5c68c5d3aa2426d6867ea7c44de617450b54ffa4f7dce

Download Submit