bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934

Analysis

max time kernel
118s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Size

960KB
MD5

7feebddbba26e7ef0ed50f90b2c45050
SHA1

05e3e5a64a8bde6ca53e180ec5bd297650528439
SHA256

bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934
SHA512

4406110fb43b1b396801740baedf5558cf0cb754f20909c5671b852a982286580c501c8dba0a6596612dae2bd54eb5b200a7e160a2aa7afbbaa4c9d75cac00c0
SSDEEP

12288:dXCNi9B5pnxYJGdQlNiRxYghNXC0QbZZ/as+O0VtAYYtpQ1kBiM8yZpoYVZB3ALP:oW5hxYPNNghzQVafr5DkBX8yzoa3O3

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\G:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\H:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\I:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\M:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\S:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\W:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\E:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\L:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\T:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\Q:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\U:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\V:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\X:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\B:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\J:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\K:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\N:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\O:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\P:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\R:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\Y:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File opened (read-only)	\??\Z:	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\black nude sperm [free] feet .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\System32\DriverStore\Temp\italian handjob trambling full movie .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish nude lingerie masturbation ash .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian animal blowjob full movie hairy .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian kicking trambling masturbation hole upskirt (Sarah).avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian gang bang xxx voyeur hole .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\xxx big black hairunshaved .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore masturbation stockings .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SysWOW64\FxsTmp\handjob xxx public glans leather (Sylvia).avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay several models .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lesbian sleeping titts .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian fetish bukkake sleeping feet .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american horse xxx sleeping bondage .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\lingerie lesbian titts .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files (x86)\Google\Update\Download\american beastiality bukkake full movie pregnant .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\bukkake sleeping titts 50+ .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian licking feet sm .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\xxx masturbation ash (Kathrin,Janette).mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian gang bang bukkake licking swallow .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fucking girls swallow .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese fetish fucking full movie feet .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian fetish trambling hot (!) cock latex .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\xxx [bangbus] (Melissa).mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian cumshot blowjob voyeur glans .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\danish gang bang trambling several models sweet .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake girls .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files\dotnet\shared\gay public feet .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\italian porn xxx [free] (Curtney).avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lingerie [milf] .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\danish beastiality fucking full movie glans shoes (Karin).mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse licking ¤ç .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\beast masturbation hotel .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\fetish beast sleeping titts hairy (Jade).mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish animal blowjob [free] hole femdom .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\animal xxx girls shower .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\gang bang lesbian girls titts castration .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\beastiality blowjob licking titts upskirt (Karin).mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\lingerie lesbian feet YEâPSè& .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian beastiality beast public .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\assembly\tmp\hardcore several models .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\CbsTemp\swedish horse lingerie uncut gorgeoushorny .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\tyrkish handjob trambling voyeur leather .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\spanish xxx voyeur boots .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\trambling [free] balls .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\spanish bukkake lesbian feet upskirt (Janette).mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\malaysia xxx [bangbus] .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\fetish hardcore hidden .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\black porn lesbian big (Tatjana).mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\blowjob public .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\german gay sleeping young .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\PLA\Templates\horse hidden titts .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\brasilian cumshot lesbian masturbation .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\indian kicking lingerie [bangbus] .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\russian handjob xxx [bangbus] castration .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\british blowjob girls glans blondie .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\canadian lesbian [bangbus] cock girly .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\bukkake masturbation (Tatjana).zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\chinese hardcore [milf] gorgeoushorny (Sonja,Jade).zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian kicking trambling uncut glans .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\InputMethod\SHARED\sperm hot (!) (Liz).avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\sperm full movie wifey (Sandy,Jade).avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\german lesbian [free] latex .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\asian gay public beautyfull .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\norwegian fucking catfight glans mistress (Karin).zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\russian horse beast [free] titts mature (Jade).zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\chinese horse [milf] feet .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\bukkake full movie feet sweet .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\british lesbian girls ejaculation .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\fucking public feet .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\african gay masturbation glans (Christine,Sylvia).avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian animal xxx [free] .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\lesbian voyeur bedroom .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\malaysia sperm several models stockings .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\brasilian cumshot bukkake public leather .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\beast several models titts 50+ .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\spanish bukkake licking feet lady (Sylvia).avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\fetish beast [bangbus] (Tatjana).mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\spanish hardcore masturbation titts (Christine,Tatjana).avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black nude horse hot (!) granny .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\fetish fucking big 50+ .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\fucking [milf] hairy .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\spanish xxx uncut hole Ôï (Liz).mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\russian horse sperm lesbian wifey .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fucking masturbation glans latex .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american action blowjob hidden feet 50+ .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\fucking hot (!) femdom .mpeg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\italian kicking trambling masturbation fishy .mpg.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\malaysia blowjob voyeur (Melissa).avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\spanish beast sleeping .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\italian kicking gay [free] upskirt .rar.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\black action xxx several models hole redhair .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\danish nude hardcore full movie hole .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\beast voyeur upskirt .avi.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\horse blowjob hidden circumcision .zip.exe	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3336	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3336	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3500	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3500	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3084	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3084	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3488	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3488	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
520	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
520	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
4580	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
4580	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
1212	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
1212	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3928	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3928	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3312	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3312	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3944	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3944	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
4912	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
4912	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3336	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3336	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3084	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3084	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3500	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
3500	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2640	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
2640	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 2748	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	84
PID 5104 wrote to memory of 2748	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	84
PID 5104 wrote to memory of 2748	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	84
PID 5104 wrote to memory of 2932	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	85
PID 5104 wrote to memory of 2932	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	85
PID 5104 wrote to memory of 2932	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	85
PID 2748 wrote to memory of 5044	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	86
PID 2748 wrote to memory of 5044	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	86
PID 2748 wrote to memory of 5044	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	86
PID 5044 wrote to memory of 5064	5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	87
PID 5044 wrote to memory of 5064	5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	87
PID 5044 wrote to memory of 5064	5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	87
PID 5104 wrote to memory of 3500	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	88
PID 5104 wrote to memory of 3500	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	88
PID 5104 wrote to memory of 3500	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	88
PID 2748 wrote to memory of 3084	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	89
PID 2748 wrote to memory of 3084	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	89
PID 2748 wrote to memory of 3084	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	89
PID 2932 wrote to memory of 3336	2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	90
PID 2932 wrote to memory of 3336	2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	90
PID 2932 wrote to memory of 3336	2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	90
PID 5064 wrote to memory of 3488	5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	91
PID 5064 wrote to memory of 3488	5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	91
PID 5064 wrote to memory of 3488	5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	91
PID 5044 wrote to memory of 520	5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	92
PID 5044 wrote to memory of 520	5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	92
PID 5044 wrote to memory of 520	5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	92
PID 2748 wrote to memory of 4580	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	93
PID 2748 wrote to memory of 4580	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	93
PID 2748 wrote to memory of 4580	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	93
PID 5104 wrote to memory of 3928	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	94
PID 5104 wrote to memory of 3928	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	94
PID 5104 wrote to memory of 3928	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	94
PID 2932 wrote to memory of 1212	2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	95
PID 2932 wrote to memory of 1212	2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	95
PID 2932 wrote to memory of 1212	2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	95
PID 3336 wrote to memory of 3312	3336	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	96
PID 3336 wrote to memory of 3312	3336	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	96
PID 3336 wrote to memory of 3312	3336	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	96
PID 3084 wrote to memory of 4912	3084	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	97
PID 3084 wrote to memory of 4912	3084	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	97
PID 3084 wrote to memory of 4912	3084	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	97
PID 3500 wrote to memory of 3944	3500	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	98
PID 3500 wrote to memory of 3944	3500	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	98
PID 3500 wrote to memory of 3944	3500	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	98
PID 5064 wrote to memory of 2640	5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	99
PID 5064 wrote to memory of 2640	5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	99
PID 5064 wrote to memory of 2640	5064	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	99
PID 3488 wrote to memory of 3560	3488	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	100
PID 3488 wrote to memory of 3560	3488	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	100
PID 3488 wrote to memory of 3560	3488	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	100
PID 5044 wrote to memory of 1536	5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	101
PID 5044 wrote to memory of 1536	5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	101
PID 5044 wrote to memory of 1536	5044	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	101
PID 2748 wrote to memory of 4344	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	102
PID 2748 wrote to memory of 4344	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	102
PID 2748 wrote to memory of 4344	2748	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	102
PID 5104 wrote to memory of 4352	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	103
PID 5104 wrote to memory of 4352	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	103
PID 5104 wrote to memory of 4352	5104	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	103
PID 2932 wrote to memory of 640	2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	104
PID 2932 wrote to memory of 640	2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	104
PID 2932 wrote to memory of 640	2932	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	104
PID 3336 wrote to memory of 2472	3336	bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe	105

C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
"C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        9⤵
        
        PID:20368
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:18988
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:22708
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        9⤵
        
        PID:18972
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:23544
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:17816
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:19532
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:19960
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22724
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:18392
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:22520
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:23556
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:19060
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:19576
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22116
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:19944
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:23028
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:19928
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:22980
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:520
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:17880
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:22716
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:18508
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:21644
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:18844
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22512
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:21780
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:20252
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:18812
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:21656
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:19048
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:23012
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:18076
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:22164
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:6624
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:20920
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:22900
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22368
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:20208
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22972
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:17792
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22436
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22964
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:18828
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:23528
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:21084
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:23004
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:17492
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:20948
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:20928
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:23604
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:22668
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:19880
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:23536
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:23936
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:3956
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:18804
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16704
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:22496
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:19436
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:22892
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:13684
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:19504
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:18852
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:10428
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:15196
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:14264
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        8⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:22684
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22448
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:21708
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:11296
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:13760
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:20812
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:20392
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:17808
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:21752
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:19888
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22700
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:17776
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:22908
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:19824
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:18836
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:15220
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:13848
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:21068
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:18956
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:14644
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:18796
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:22988
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:116
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:18744
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:22468
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:14700
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:21796
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3500
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        7⤵
        
        PID:21076
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:22692
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:21160
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:18980
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:23372
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:22996
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:17800
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:22004
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:19936
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:16372
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:19148
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:22732
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:19860
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:13672
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:20264
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:18820
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:10548
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:14440
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:21788
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3928
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        6⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:18860
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:22156
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:19952
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:13128
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:17404
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:4944
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:18092
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:10488
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:14924
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:12228
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  PID:4352
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
        5⤵
        
        PID:19896
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:23020
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:18964
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:10800
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:16196
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:22956
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  PID:1560
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
      "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
      4⤵
      PID:17768
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:10792
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:14568
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:21804
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  PID:6240
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:14232
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:4860
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  PID:7504
- - C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
    3⤵
    PID:19452
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  PID:10520
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  PID:15212
- C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe
  "C:\Users\Admin\AppData\Local\Temp\bb072b6a55016dc674de3c755b5bbc1fd9e5cea42c4b3c9b20a18e779c3cf934N.exe"
  2⤵
  PID:21140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian licking feet sm .zip.exe

Filesize
1.5MB

MD5
96c763fb70ea6b18e93e0af8ef464479

SHA1
ed837c83f8256ace89c0563bfb64b6ae3734fe51

SHA256
183396943e8eef6bc7739a3fc223de611240f48a3b18b415c788279ab1ab7d79

SHA512
6b744283fb4985b0474d73c126afba0bbfc175ad758609c99a69380148f64ac8ce54c6bad8a8102dc1a1f38ed8a59c3310b688973149b392f44e017a56f90018

Download Submit
memory/460-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/632-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/640-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/796-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/844-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1212-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1348-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1412-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1492-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1496-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1536-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1560-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1636-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1776-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2064-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2276-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2472-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2476-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2748-47-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2932-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3120-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3488-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3936-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4344-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4352-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4580-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4756-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5044-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5092-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5104-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5164-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5608-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5736-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5744-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5752-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5760-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5772-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5780-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5860-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5872-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5928-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6052-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6064-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6100-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6124-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6192-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6252-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6312-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6320-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6396-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6584-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6636-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6676-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7064-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7072-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7432-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7440-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7456-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7464-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7472-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7480-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7496-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7504-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7520-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7528-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7544-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7552-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7560-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7568-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7576-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7584-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7604-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7612-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7628-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7636-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7644-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7652-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7660-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7668-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7676-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7684-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7692-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7700-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7720-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7728-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7736-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7824-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8768-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8784-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8800-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8864-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8872-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8880-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8892-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8920-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8940-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download