b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623

Analysis

max time kernel
15s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Size

1.9MB
MD5

db69c1814a3a1fa5032e4af31f54bf70
SHA1

d6f0c8eb11311bb91d27b442df934837de091334
SHA256

b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623
SHA512

2fc1bce25cb31097481f45523bd1ae9ba94f8f7e0390a223cbf761ac2b7e6487ea4417109ac94cfd8148de30dfd4e89088c860ccacb782da8736f8b0fc28b5d6
SSDEEP

49152:VjyKtQPJBnDxYZZG2XwhIBFxhqjeaNQ7epfOkxBQ1DW:9ntQPDW3G2XBFOeaNQ7MWkPAW

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\Y:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\E:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\G:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\L:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\N:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\P:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\T:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\Z:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\A:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\B:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\J:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\K:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\Q:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\U:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\I:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\R:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\S:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\W:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\X:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\H:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\M:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File opened (read-only)	\??\O:	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\chinese cumshot kicking big gorgeoushorny .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\german porn catfight 50+ (Samantha,Jade).mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\british porn public feet .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SysWOW64\FxsTmp\british gay lingerie several models .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian lesbian hidden .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\cumshot beastiality hot (!) latex (Christine).mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\african beastiality catfight feet bedroom .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\horse gay licking upskirt (Liz,Jenna).avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\malaysia gang bang beast several models titts .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish nude handjob [free] legs mistress .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SysWOW64\FxsTmp\german action trambling public sm .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\spanish kicking blowjob sleeping glans (Samantha,Christine).rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian sperm uncut glans .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\fucking porn big .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lingerie blowjob masturbation nipples swallow (Jenna,Melissa).rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\hardcore public .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\gay public titts balls .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files (x86)\Google\Temp\trambling voyeur fishy .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian xxx sperm uncut legs (Gina).mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\spanish horse hidden legs bondage .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files (x86)\Google\Update\Download\cumshot lesbian [bangbus] bondage .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files\Common Files\microsoft shared\porn gay public ash hairy .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files\dotnet\shared\trambling nude several models hole (Jenna).mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\spanish horse fetish [free] (Janette,Samantha).rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\norwegian lesbian blowjob lesbian stockings .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm voyeur shower (Melissa).rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian horse gang bang full movie swallow (Britney).rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\gang bang porn [milf] fishy .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\action sleeping bedroom .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian blowjob nude big cock .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\blowjob nude lesbian ash high heels .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\brasilian cum catfight leather .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\security\templates\swedish fucking beastiality [bangbus] (Sylvia).zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\beast gay full movie glans (Sandy,Jade).mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\spanish action beastiality [bangbus] .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\african gay [bangbus] shoes (Karin,Sonja).zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\norwegian handjob action sleeping .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\porn sleeping .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\lingerie catfight (Curtney,Sylvia).zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\canadian hardcore action sleeping (Anniston,Anniston).mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian horse full movie pregnant .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\brasilian fetish girls glans .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\japanese bukkake big .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\tyrkish handjob bukkake [bangbus] bedroom .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\british blowjob nude licking cock .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\bukkake licking Ôï .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob [free] beautyfull (Britney,Anniston).avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\american blowjob lingerie hidden nipples .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\animal big bedroom (Samantha).mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\beastiality gang bang [free] cock sweet .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\gay beast public femdom .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\french gang bang porn voyeur .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\african cum public (Gina,Sarah).mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\indian cumshot [free] ash boots .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\danish bukkake hot (!) balls .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\gay cum full movie beautyfull .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\action horse [free] .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\italian beast kicking big cock girly .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SoftwareDistribution\Download\bukkake several models hole black hairunshaved .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\black lingerie hot (!) feet balls .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\lingerie hot (!) .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore licking .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\brasilian fetish uncut ash hairy .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\gay animal sleeping pregnant .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\kicking uncut .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\lingerie full movie titts castration .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse catfight .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\brasilian beastiality porn hot (!) hairy .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\horse catfight bondage (Britney,Britney).rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\indian handjob sperm hot (!) castration .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\horse voyeur high heels (Karin).mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\beast cumshot several models .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\african fetish several models (Jenna).rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\animal fucking public .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\german horse hidden titts swallow (Ashley,Melissa).mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\action uncut ash shoes .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\japanese blowjob full movie .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\beastiality masturbation cock ash .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\german beast horse public circumcision .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\german horse sperm masturbation sweet .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\blowjob cumshot [bangbus] 40+ .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\animal public nipples lady (Sonja,Samantha).avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\hardcore action voyeur .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\malaysia fetish hot (!) hole (Melissa).mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\american hardcore sperm full movie .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\british horse nude sleeping mature .mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\trambling big swallow .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\fetish uncut 50+ .avi.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\PLA\Templates\horse public (Curtney,Kathrin).mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\swedish beast bukkake [free] cock .zip.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\african handjob [milf] .mpeg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\norwegian handjob blowjob hot (!) cock .rar.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\mssrv.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\hardcore sperm catfight cock (Melissa).mpg.exe	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1600	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1600	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2172	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2172	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2584	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2584	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
392	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
392	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3620	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3620	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3524	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3524	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2384	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2384	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3612	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3612	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1816	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1816	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1600	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1600	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3828	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3828	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2172	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2172	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2584	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
2584	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3460	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3460	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 3636	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	82
PID 2132 wrote to memory of 3636	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	82
PID 2132 wrote to memory of 3636	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	82
PID 3636 wrote to memory of 3508	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	85
PID 3636 wrote to memory of 3508	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	85
PID 3636 wrote to memory of 3508	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	85
PID 2132 wrote to memory of 3760	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	86
PID 2132 wrote to memory of 3760	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	86
PID 2132 wrote to memory of 3760	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	86
PID 3508 wrote to memory of 1200	3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	89
PID 3508 wrote to memory of 1200	3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	89
PID 3508 wrote to memory of 1200	3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	89
PID 3760 wrote to memory of 1600	3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	90
PID 3760 wrote to memory of 1600	3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	90
PID 3760 wrote to memory of 1600	3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	90
PID 3636 wrote to memory of 2172	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	91
PID 3636 wrote to memory of 2172	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	91
PID 3636 wrote to memory of 2172	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	91
PID 2132 wrote to memory of 2584	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	92
PID 2132 wrote to memory of 2584	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	92
PID 2132 wrote to memory of 2584	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	92
PID 3636 wrote to memory of 2384	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	94
PID 3636 wrote to memory of 2384	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	94
PID 3636 wrote to memory of 2384	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	94
PID 3760 wrote to memory of 392	3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	95
PID 3760 wrote to memory of 392	3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	95
PID 3760 wrote to memory of 392	3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	95
PID 3508 wrote to memory of 3524	3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	96
PID 3508 wrote to memory of 3524	3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	96
PID 3508 wrote to memory of 3524	3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	96
PID 2132 wrote to memory of 3620	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	97
PID 2132 wrote to memory of 3620	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	97
PID 2132 wrote to memory of 3620	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	97
PID 1600 wrote to memory of 3612	1600	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	98
PID 1600 wrote to memory of 3612	1600	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	98
PID 1600 wrote to memory of 3612	1600	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	98
PID 2172 wrote to memory of 1816	2172	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	99
PID 2172 wrote to memory of 1816	2172	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	99
PID 2172 wrote to memory of 1816	2172	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	99
PID 1200 wrote to memory of 3828	1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	100
PID 1200 wrote to memory of 3828	1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	100
PID 1200 wrote to memory of 3828	1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	100
PID 2584 wrote to memory of 1176	2584	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	101
PID 2584 wrote to memory of 1176	2584	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	101
PID 2584 wrote to memory of 1176	2584	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	101
PID 3636 wrote to memory of 3460	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	102
PID 3636 wrote to memory of 3460	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	102
PID 3636 wrote to memory of 3460	3636	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	102
PID 3508 wrote to memory of 528	3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	103
PID 3508 wrote to memory of 528	3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	103
PID 3508 wrote to memory of 528	3508	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	103
PID 3760 wrote to memory of 4904	3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	104
PID 3760 wrote to memory of 4904	3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	104
PID 3760 wrote to memory of 4904	3760	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	104
PID 2132 wrote to memory of 708	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	105
PID 2132 wrote to memory of 708	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	105
PID 2132 wrote to memory of 708	2132	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	105
PID 392 wrote to memory of 2244	392	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	106
PID 392 wrote to memory of 2244	392	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	106
PID 392 wrote to memory of 2244	392	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	106
PID 1200 wrote to memory of 4008	1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	107
PID 1200 wrote to memory of 4008	1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	107
PID 1200 wrote to memory of 4008	1200	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	107
PID 1600 wrote to memory of 4952	1600	b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe	108

C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
"C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3636
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        8⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        9⤵
        
        PID:19080
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        8⤵
        
        PID:19828
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:20220
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:21444
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:19236
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:19820
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:21464
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20440
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20316
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:20156
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:19540
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:18556
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:19512
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20260
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:19404
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20196
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:21248
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:18796
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:19116
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:20464
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:16308
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20236
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20448
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16704
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:19836
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:19164
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20228
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20400
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:19200
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:20284
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20132
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16632
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:18780
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20308
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20416
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:21472
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20148
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:16564
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:20116
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:21436
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:8160
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:19556
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:16720
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3760
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:20124
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        7⤵
        
        PID:19548
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20324
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20292
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:19504
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20180
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20140
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:19088
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20188
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20268
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:20408
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:392
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20164
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16648
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20244
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20968
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:18004
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:16728
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:19252
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:19844
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:20456
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:19520
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:20204
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15816
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:8180
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:19172
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:15020
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:20424
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:20276
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15912
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:19564
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15792
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15856
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:21480
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:19248
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:19488
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:16536
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:19880
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:21428
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:1052
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:19220
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:11844
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:15044
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:20432
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        6⤵
        
        PID:19108
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:20172
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:16636
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15920
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
        5⤵
        
        PID:19496
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:15060
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:20300
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:8172
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:12152
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:15140
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:20472
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  PID:708
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:9340
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:13096
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:20108
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:16504
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:9880
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:16556
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:8940
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
      "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
      4⤵
      PID:16736
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:14996
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:20252
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  PID:6196
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:9796
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:15152
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:20212
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  PID:8624
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  PID:12240
- - C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
    3⤵
    PID:19260
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  PID:15012
- C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe
  "C:\Users\Admin\AppData\Local\Temp\b6bb5bd8807e485caa7f73ab946e1e867e24816fd9f7b52f97024e7ea9ba2623N.exe"
  2⤵
  PID:1100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian sperm uncut glans .mpeg.exe

Filesize
585KB

MD5
51cf4bf30275878b068c3dd54f4f3aa8

SHA1
6ff60999eb78ea4cb6b21b09c53f6a41e0d909f0

SHA256
6290c661aa0a491e3576b20e6e35d23d25edf500d48a24fa3c0fddb3b97c280b

SHA512
d87c05f4b710c1f3d6258f08c7a7323a36c68954283523a73a48c76c9148f7ba7be41065f413478d21b13f83dce7d859b2f5011c4953fe04edbd60b747c25a36

Download Submit
C:\debug.txt

Filesize
146B

MD5
80a6c437aa1d975a8500bc28dd831149

SHA1
7dac758205ba6fff4ead9cd6a5be4a5dcf0eec71

SHA256
1006e724be85d502cb24e4954da694366082e93509ceb92dc7438a6bd2daa5fe

SHA512
b42f07ee2ad3333960ce54abebd7a486c6193c14adec3d2e64fd2751f9528acca0399ddffbd02cf96f1adabc474a9ef54eb40b7595acdacef93d928690347482

Download Submit
memory/392-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/392-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/528-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/708-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/920-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1176-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1200-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1600-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1816-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1944-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1960-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2132-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2132-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2172-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2172-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2384-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2536-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2584-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2584-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3456-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3460-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3508-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3508-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3524-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3524-318-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3612-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3620-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3620-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3636-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3696-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3760-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3760-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3944-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3960-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4660-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4904-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4952-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5072-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5736-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5768-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5840-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5848-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5856-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6212-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6228-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6236-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6284-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6948-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7028-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7044-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7076-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7092-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7100-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7108-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7188-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7316-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7888-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7948-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8036-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8044-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8052-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8084-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8136-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8144-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8152-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8160-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8172-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8180-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8208-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8504-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8612-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8624-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8668-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8928-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8940-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8952-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8960-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9096-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9112-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9120-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9304-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9320-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9496-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9572-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9580-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9788-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9820-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9864-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9880-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9904-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9912-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9920-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9928-310-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9936-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10048-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10232-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download