2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211

Analysis

max time kernel
15s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Size

603KB
MD5

7f1bd20d3e572561a007309d30d8a510
SHA1

da71fad23de1eb7656546166d018e3182de57c57
SHA256

2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211
SHA512

fc7896a6e2335ea8b72f3b58ed23fd1f04338dceeb5ff17e167704281d90ff291cf16414ffed477c2b0d7b9ec79810ed5fea61425bb1e7cae736c2ff68336081
SSDEEP

12288:dXCNi9BzAuwHskh83MeOxkebtPK5R20g6pCcWQ556xkw60fG4:oW8uGskSAbtPKiApAC6R6OG4

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\J:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\K:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\M:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\P:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\Q:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\V:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\N:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\U:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\W:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\A:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\B:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\L:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\O:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\R:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\S:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\X:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\Z:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\G:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\H:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\I:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\T:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File opened (read-only)	\??\Y:	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\black xxx horse catfight .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\porn gang bang licking vagina .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\nude masturbation feet .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\action xxx girls .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay catfight glans hotel (Kathrin,Tatjana).mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\kicking [bangbus] sweet .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black handjob full movie beautyfull (Samantha,Karin).rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\american trambling several models cock .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\african beastiality fucking catfight mistress .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\malaysia sperm gang bang public vagina .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SysWOW64\FxsTmp\british lingerie beast hidden vagina penetration .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\System32\DriverStore\Temp\cum [bangbus] ¼ë .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\hardcore kicking catfight .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american action licking ash (Sarah).zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian porn uncut cock .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american bukkake fetish several models .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\gay big .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files (x86)\Google\Temp\cum gay voyeur legs .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files (x86)\Google\Update\Download\handjob gang bang [bangbus] latex .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\beast catfight nipples mistress .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian handjob beast licking balls .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\german beastiality uncut ejaculation (Sonja).avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\fucking lingerie hidden .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\italian gang bang bukkake catfight ¼ë (Jade).mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish hardcore horse catfight young .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files\Common Files\microsoft shared\black animal several models (Jade,Sylvia).zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\xxx xxx lesbian cock upskirt .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian beastiality voyeur nipples (Liz).rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish xxx blowjob [free] feet pregnant .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\malaysia beast catfight penetration .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\indian blowjob handjob masturbation titts .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\norwegian handjob several models .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\cum lesbian .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\blowjob beastiality licking .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\hardcore bukkake voyeur titts .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\beastiality catfight bedroom .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\british hardcore [milf] hole bedroom .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\handjob beast hot (!) .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\cum lingerie full movie girly .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling horse public hole 50+ .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish fetish full movie (Tatjana,Sandy).mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SoftwareDistribution\Download\russian lesbian voyeur lady .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\russian horse xxx lesbian .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\danish porn uncut redhair (Britney).avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\black handjob licking femdom .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\british animal [milf] (Jade).zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\indian gay voyeur cock .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lesbian licking legs swallow .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\spanish sperm girls boobs traffic .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\canadian gay masturbation feet traffic .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\blowjob cumshot big cock .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\british kicking sleeping feet gorgeoushorny (Sonja).mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\american trambling uncut legs .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\african handjob licking vagina .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\french trambling lesbian uncut (Janette,Sarah).avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\horse blowjob [free] cock (Tatjana).rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black beastiality girls ejaculation .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\action public .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\porn cumshot uncut sweet .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\indian animal masturbation nipples 40+ (Melissa).avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\italian lingerie [bangbus] penetration .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\japanese beastiality voyeur circumcision (Samantha,Ashley).rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\xxx public .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\russian beastiality hardcore uncut titts (Melissa,Ashley).zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\CbsTemp\nude [bangbus] (Kathrin,Janette).rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\PLA\Templates\bukkake public nipples (Samantha,Jade).mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\french horse beastiality masturbation vagina .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\norwegian beast animal voyeur redhair (Sarah,Jenna).mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\fucking licking legs .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\animal [free] boobs mature .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\spanish fucking lesbian hot (!) .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\indian blowjob horse [milf] legs shoes .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\assembly\tmp\chinese kicking voyeur boobs gorgeoushorny (Britney,Anniston).mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\brasilian animal [milf] (Jade).mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\xxx horse hot (!) .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\american gang bang catfight bondage (Karin,Curtney).zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\japanese sperm hidden (Karin,Liz).mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\animal lingerie masturbation .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\asian nude fucking [free] feet (Liz,Karin).avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse catfight pregnant .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\french cum several models girly .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\bukkake beast voyeur .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\british lesbian animal big cock sweet (Jade).avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\cumshot kicking licking .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\british animal [free] titts .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\mssrv.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish beastiality big .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\japanese horse hot (!) legs balls .mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\swedish gang bang blowjob voyeur .zip.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\sperm nude voyeur pregnant .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\lesbian public femdom .rar.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\cumshot voyeur YEâPSè& (Gina).mpeg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\animal horse lesbian shoes .avi.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\canadian horse voyeur boobs wifey .mpg.exe	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4384	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4384	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2568	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2568	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4344	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4344	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4008	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4008	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
3672	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
3672	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2556	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2556	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4452	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4452	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1096	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1096	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1828	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
1828	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4876	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4876	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2568	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2568	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4384	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
4384	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2712	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
2712	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 5064	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	82
PID 8 wrote to memory of 5064	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	82
PID 8 wrote to memory of 5064	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	82
PID 8 wrote to memory of 3616	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	85
PID 8 wrote to memory of 3616	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	85
PID 8 wrote to memory of 3616	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	85
PID 5064 wrote to memory of 1260	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	86
PID 5064 wrote to memory of 1260	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	86
PID 5064 wrote to memory of 1260	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	86
PID 3616 wrote to memory of 2848	3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	89
PID 3616 wrote to memory of 2848	3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	89
PID 3616 wrote to memory of 2848	3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	89
PID 8 wrote to memory of 968	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	90
PID 8 wrote to memory of 968	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	90
PID 8 wrote to memory of 968	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	90
PID 5064 wrote to memory of 4384	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	91
PID 5064 wrote to memory of 4384	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	91
PID 5064 wrote to memory of 4384	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	91
PID 1260 wrote to memory of 2568	1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	92
PID 1260 wrote to memory of 2568	1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	92
PID 1260 wrote to memory of 2568	1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	92
PID 3616 wrote to memory of 4008	3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	94
PID 3616 wrote to memory of 4008	3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	94
PID 3616 wrote to memory of 4008	3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	94
PID 2848 wrote to memory of 3672	2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	95
PID 2848 wrote to memory of 3672	2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	95
PID 2848 wrote to memory of 3672	2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	95
PID 8 wrote to memory of 4452	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	96
PID 8 wrote to memory of 4452	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	96
PID 8 wrote to memory of 4452	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	96
PID 5064 wrote to memory of 4344	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	97
PID 5064 wrote to memory of 4344	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	97
PID 5064 wrote to memory of 4344	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	97
PID 1260 wrote to memory of 2556	1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	98
PID 1260 wrote to memory of 2556	1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	98
PID 1260 wrote to memory of 2556	1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	98
PID 968 wrote to memory of 1096	968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	99
PID 968 wrote to memory of 1096	968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	99
PID 968 wrote to memory of 1096	968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	99
PID 4384 wrote to memory of 1828	4384	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	100
PID 4384 wrote to memory of 1828	4384	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	100
PID 4384 wrote to memory of 1828	4384	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	100
PID 2568 wrote to memory of 4876	2568	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	101
PID 2568 wrote to memory of 4876	2568	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	101
PID 2568 wrote to memory of 4876	2568	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	101
PID 3616 wrote to memory of 2712	3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	102
PID 3616 wrote to memory of 2712	3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	102
PID 3616 wrote to memory of 2712	3616	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	102
PID 2848 wrote to memory of 3004	2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	103
PID 2848 wrote to memory of 3004	2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	103
PID 2848 wrote to memory of 3004	2848	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	103
PID 1260 wrote to memory of 1536	1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	104
PID 1260 wrote to memory of 1536	1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	104
PID 1260 wrote to memory of 1536	1260	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	104
PID 5064 wrote to memory of 3096	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	106
PID 5064 wrote to memory of 3096	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	106
PID 5064 wrote to memory of 3096	5064	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	106
PID 968 wrote to memory of 4760	968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	107
PID 968 wrote to memory of 4760	968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	107
PID 968 wrote to memory of 4760	968	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	107
PID 8 wrote to memory of 4872	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	108
PID 8 wrote to memory of 4872	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	108
PID 8 wrote to memory of 4872	8	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	108
PID 4384 wrote to memory of 4536	4384	2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe	109

C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
"C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:8
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5064
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        8⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        8⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        8⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14212
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14172
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14228
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14396
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14244
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14044
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:8600
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:12120
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:14140
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3616
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        7⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14428
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14100
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14532
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14196
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14620
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14124
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14012
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:9020
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:11960
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:14108
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:968
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:664
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14588
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14324
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14364
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14596
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14452
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14028
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:9000
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:12212
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:14148
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14468
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
        5⤵
        
        PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:10716
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:13968
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:11288
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:14268
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:8128
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:10892
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:13116
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  PID:4872
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:13308
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
      "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
      4⤵
      PID:15792
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:10488
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:14500
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  PID:2308
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:8652
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:11768
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:14220
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  PID:6424
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:12928
- - C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
    3⤵
    PID:14020
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  PID:8616
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  PID:11776
- C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe
  "C:\Users\Admin\AppData\Local\Temp\2e7d8773486423c215375c97fdd8abddfce12975b79e7e8b55cec2517ce1f211N.exe"
  2⤵
  PID:14236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american action licking ash (Sarah).zip.exe

Filesize
1.0MB

MD5
6e37fae892e5832bf627645dcb9561e9

SHA1
f14dfdf81f89c2c398f01fdbfa88390df0af48bc

SHA256
f677ea1009f7b02a79ec11730e99ef9b01127cb586985ab7d03fa130b206875e

SHA512
c419ea1a8d9f24f3ef47e99da40a552cddcf7c8b876d88dd809db94e43729ef7cd536601e3f532ecbcbdddca56a786a3f9181f7056f1b3f4eb0fc6ce5db34a2d

Download Submit
memory/8-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/336-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/664-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/968-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1096-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1260-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1324-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1536-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1732-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1840-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1888-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2404-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2440-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2568-318-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2568-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2712-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2848-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2848-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2864-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2940-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3096-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3616-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3660-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4008-327-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4360-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4384-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4384-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4536-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5004-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5020-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5064-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5776-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5848-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5864-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5880-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5896-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5904-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5920-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5928-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5936-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5960-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6236-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6244-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6252-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6260-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6376-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6468-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6476-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6560-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7080-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7148-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7356-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7384-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7392-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7400-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7408-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7416-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7448-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7688-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7696-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7712-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8128-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8136-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8148-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8176-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8264-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8276-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8356-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8500-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8532-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8600-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8608-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8616-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8624-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8768-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8776-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9000-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9020-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9052-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9360-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9548-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9584-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9612-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9620-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9828-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9836-320-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9848-321-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9856-322-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9896-323-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10132-325-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10164-324-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10172-328-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10180-326-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10188-329-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10212-330-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download