730301c3b7d9f582219d5bf17c3cd7931b77de28d60f8cea2ed7cc954f3732da

Analysis

max time kernel
113s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 01:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

313539f25ad79db93d873e4c48a7f290N.exe
Size

712KB
MD5

313539f25ad79db93d873e4c48a7f290
SHA1

2d93d5858a86a2d0fedb4d79cbb4e98322a6f15f
SHA256

730301c3b7d9f582219d5bf17c3cd7931b77de28d60f8cea2ed7cc954f3732da
SHA512

9669169ad0689878e54b60309e45ea90f0f3c76133e3e901f928baa73303b7a8fb69eea3c62432e6f184f16f6aa6c7078a82f5fab093658ebe3d9b3fa8aeba76
SSDEEP

12288:dXCNi9BxY3NjprfsaSGVzrOX6+tTpAMWZi/0oBTBNBPxQr0wUYasfIzndZ:oWxYRZu6qRTplfBTZWgVsgJZ

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	313539f25ad79db93d873e4c48a7f290N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\W:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\L:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\U:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\Y:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\Z:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\A:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\G:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\I:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\Q:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\R:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\V:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\X:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\E:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\H:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\O:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\M:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\N:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\S:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\T:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\B:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\J:	313539f25ad79db93d873e4c48a7f290N.exe
File opened (read-only)	\??\K:	313539f25ad79db93d873e4c48a7f290N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\norwegian gang bang big .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian xxx [milf] .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\cumshot licking vagina ¼ç .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian animal horse hidden Ôë (Samantha,Kathrin).rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake voyeur cock .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\SysWOW64\FxsTmp\german cumshot several models .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\System32\DriverStore\Temp\cumshot xxx hidden (Janette,Gina).zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\SysWOW64\FxsTmp\african nude xxx catfight cock traffic .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\SysWOW64\IME\shared\hardcore full movie ash (Janette).avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\SysWOW64\IME\shared\russian cum horse sleeping Ôë .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\italian action full movie titts .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish lingerie lesbian .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\canadian kicking masturbation cock ash .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\fucking sleeping .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\indian hardcore masturbation mature .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish beast beastiality voyeur .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\indian beast sperm [bangbus] redhair .avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\spanish cum full movie .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\beastiality cum sleeping nipples (Jenna,Sandy).mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files\DVD Maker\Shared\bukkake action uncut bondage (Jade,Ashley).rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish trambling porn hot (!) hairy (Samantha,Sarah).avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Google\Temp\fucking horse voyeur .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files (x86)\Google\Update\Download\bukkake full movie .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files\Windows Journal\Templates\kicking sperm licking glans (Liz).rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\asian bukkake animal hot (!) (Karin,Sonja).mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\french blowjob bukkake [free] upskirt .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\russian cumshot lesbian .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\cumshot fetish masturbation boobs black hairunshaved .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\SoftwareDistribution\Download\italian gang bang [free] leather .avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\xxx hot (!) 40+ (Melissa).mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\horse sleeping glans fishy .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\malaysia beastiality [milf] upskirt .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\fucking lingerie lesbian circumcision (Karin).zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\black fucking lesbian several models titts pregnant (Sonja).rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\spanish kicking big wifey .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\danish lesbian lesbian lesbian ash (Britney).zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\action cumshot several models hole black hairunshaved .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\indian fucking [free] 40+ .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\horse gay public 40+ .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\german cumshot gang bang masturbation castration .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black cum lesbian vagina (Sylvia).mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\Downloaded Program Files\german lesbian licking (Karin,Sylvia).mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\french beast voyeur bedroom (Sandy,Sandy).zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\russian animal [bangbus] lady .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\hardcore public upskirt .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\mssrv.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\american horse porn licking feet mature (Jade,Curtney).mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\porn horse [free] titts shower .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\norwegian cum action catfight legs shoes .avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish hardcore nude girls vagina .avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\russian lingerie hot (!) boots (Ashley,Curtney).rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\italian beast masturbation nipples (Anniston,Curtney).mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\african horse cum hot (!) young .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\danish hardcore beast public femdom .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\hardcore big (Ashley).zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\asian blowjob gang bang public .avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american hardcore lingerie masturbation bedroom (Sandy).mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\horse hot (!) pregnant .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\malaysia blowjob hidden hotel .avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\tmp\gay [milf] bondage (Jade,Sandy).rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\lesbian masturbation redhair .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\action trambling hot (!) penetration .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\spanish action big girly .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\british trambling big (Anniston,Jenna).mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\british fetish sleeping vagina pregnant .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\animal gay [free] .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\lesbian catfight (Anniston,Kathrin).avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\french fetish full movie legs .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\american trambling bukkake uncut vagina .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french beastiality girls hole .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\temp\fetish lesbian hidden beautyfull .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\danish sperm sleeping hole pregnant .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\french horse trambling voyeur circumcision (Britney,Christine).mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\spanish xxx nude public sweet .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\asian xxx gay several models mistress .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\japanese beast lingerie girls nipples mature .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\sperm bukkake catfight .avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\british lesbian gang bang sleeping .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\fetish gang bang full movie .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\malaysia blowjob [free] (Sylvia,Sandy).mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beast hardcore full movie cock .rar.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\horse fucking licking YEâPSè& (Curtney,Janette).zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\indian blowjob [milf] circumcision .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\norwegian animal sleeping latex .avi.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lingerie full movie .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\asian animal [bangbus] beautyfull .mpeg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\action nude catfight 50+ .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\brasilian horse gang bang sleeping glans .mpg.exe	313539f25ad79db93d873e4c48a7f290N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\french nude uncut high heels .zip.exe	313539f25ad79db93d873e4c48a7f290N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	313539f25ad79db93d873e4c48a7f290N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2692	313539f25ad79db93d873e4c48a7f290N.exe
3016	313539f25ad79db93d873e4c48a7f290N.exe
2692	313539f25ad79db93d873e4c48a7f290N.exe
2172	313539f25ad79db93d873e4c48a7f290N.exe
1248	313539f25ad79db93d873e4c48a7f290N.exe
3016	313539f25ad79db93d873e4c48a7f290N.exe
2692	313539f25ad79db93d873e4c48a7f290N.exe
3064	313539f25ad79db93d873e4c48a7f290N.exe
2856	313539f25ad79db93d873e4c48a7f290N.exe
2172	313539f25ad79db93d873e4c48a7f290N.exe
1248	313539f25ad79db93d873e4c48a7f290N.exe
2168	313539f25ad79db93d873e4c48a7f290N.exe
2632	313539f25ad79db93d873e4c48a7f290N.exe
3016	313539f25ad79db93d873e4c48a7f290N.exe
2692	313539f25ad79db93d873e4c48a7f290N.exe
2640	313539f25ad79db93d873e4c48a7f290N.exe
2084	313539f25ad79db93d873e4c48a7f290N.exe
1576	313539f25ad79db93d873e4c48a7f290N.exe
2856	313539f25ad79db93d873e4c48a7f290N.exe
1248	313539f25ad79db93d873e4c48a7f290N.exe
2844	313539f25ad79db93d873e4c48a7f290N.exe
2172	313539f25ad79db93d873e4c48a7f290N.exe
3048	313539f25ad79db93d873e4c48a7f290N.exe
264	313539f25ad79db93d873e4c48a7f290N.exe
3064	313539f25ad79db93d873e4c48a7f290N.exe
3016	313539f25ad79db93d873e4c48a7f290N.exe
2168	313539f25ad79db93d873e4c48a7f290N.exe
2340	313539f25ad79db93d873e4c48a7f290N.exe
2088	313539f25ad79db93d873e4c48a7f290N.exe
2692	313539f25ad79db93d873e4c48a7f290N.exe
2632	313539f25ad79db93d873e4c48a7f290N.exe
2036	313539f25ad79db93d873e4c48a7f290N.exe
2948	313539f25ad79db93d873e4c48a7f290N.exe
2084	313539f25ad79db93d873e4c48a7f290N.exe
1544	313539f25ad79db93d873e4c48a7f290N.exe
968	313539f25ad79db93d873e4c48a7f290N.exe
1576	313539f25ad79db93d873e4c48a7f290N.exe
1720	313539f25ad79db93d873e4c48a7f290N.exe
2856	313539f25ad79db93d873e4c48a7f290N.exe
1248	313539f25ad79db93d873e4c48a7f290N.exe
2140	313539f25ad79db93d873e4c48a7f290N.exe
2640	313539f25ad79db93d873e4c48a7f290N.exe
2504	313539f25ad79db93d873e4c48a7f290N.exe
2504	313539f25ad79db93d873e4c48a7f290N.exe
2844	313539f25ad79db93d873e4c48a7f290N.exe
2844	313539f25ad79db93d873e4c48a7f290N.exe
2172	313539f25ad79db93d873e4c48a7f290N.exe
2172	313539f25ad79db93d873e4c48a7f290N.exe
2088	313539f25ad79db93d873e4c48a7f290N.exe
2088	313539f25ad79db93d873e4c48a7f290N.exe
3048	313539f25ad79db93d873e4c48a7f290N.exe
3048	313539f25ad79db93d873e4c48a7f290N.exe
2192	313539f25ad79db93d873e4c48a7f290N.exe
2192	313539f25ad79db93d873e4c48a7f290N.exe
3016	313539f25ad79db93d873e4c48a7f290N.exe
3016	313539f25ad79db93d873e4c48a7f290N.exe
1484	313539f25ad79db93d873e4c48a7f290N.exe
1484	313539f25ad79db93d873e4c48a7f290N.exe
1724	313539f25ad79db93d873e4c48a7f290N.exe
1724	313539f25ad79db93d873e4c48a7f290N.exe
2168	313539f25ad79db93d873e4c48a7f290N.exe
2168	313539f25ad79db93d873e4c48a7f290N.exe
236	313539f25ad79db93d873e4c48a7f290N.exe
236	313539f25ad79db93d873e4c48a7f290N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 3016	2692	313539f25ad79db93d873e4c48a7f290N.exe	30
PID 2692 wrote to memory of 3016	2692	313539f25ad79db93d873e4c48a7f290N.exe	30
PID 2692 wrote to memory of 3016	2692	313539f25ad79db93d873e4c48a7f290N.exe	30
PID 2692 wrote to memory of 3016	2692	313539f25ad79db93d873e4c48a7f290N.exe	30
PID 3016 wrote to memory of 2172	3016	313539f25ad79db93d873e4c48a7f290N.exe	31
PID 3016 wrote to memory of 2172	3016	313539f25ad79db93d873e4c48a7f290N.exe	31
PID 3016 wrote to memory of 2172	3016	313539f25ad79db93d873e4c48a7f290N.exe	31
PID 3016 wrote to memory of 2172	3016	313539f25ad79db93d873e4c48a7f290N.exe	31
PID 2692 wrote to memory of 1248	2692	313539f25ad79db93d873e4c48a7f290N.exe	32
PID 2692 wrote to memory of 1248	2692	313539f25ad79db93d873e4c48a7f290N.exe	32
PID 2692 wrote to memory of 1248	2692	313539f25ad79db93d873e4c48a7f290N.exe	32
PID 2692 wrote to memory of 1248	2692	313539f25ad79db93d873e4c48a7f290N.exe	32
PID 2172 wrote to memory of 3064	2172	313539f25ad79db93d873e4c48a7f290N.exe	33
PID 2172 wrote to memory of 3064	2172	313539f25ad79db93d873e4c48a7f290N.exe	33
PID 2172 wrote to memory of 3064	2172	313539f25ad79db93d873e4c48a7f290N.exe	33
PID 2172 wrote to memory of 3064	2172	313539f25ad79db93d873e4c48a7f290N.exe	33
PID 1248 wrote to memory of 2856	1248	313539f25ad79db93d873e4c48a7f290N.exe	34
PID 1248 wrote to memory of 2856	1248	313539f25ad79db93d873e4c48a7f290N.exe	34
PID 1248 wrote to memory of 2856	1248	313539f25ad79db93d873e4c48a7f290N.exe	34
PID 1248 wrote to memory of 2856	1248	313539f25ad79db93d873e4c48a7f290N.exe	34
PID 3016 wrote to memory of 2632	3016	313539f25ad79db93d873e4c48a7f290N.exe	35
PID 3016 wrote to memory of 2632	3016	313539f25ad79db93d873e4c48a7f290N.exe	35
PID 3016 wrote to memory of 2632	3016	313539f25ad79db93d873e4c48a7f290N.exe	35
PID 3016 wrote to memory of 2632	3016	313539f25ad79db93d873e4c48a7f290N.exe	35
PID 2692 wrote to memory of 2168	2692	313539f25ad79db93d873e4c48a7f290N.exe	36
PID 2692 wrote to memory of 2168	2692	313539f25ad79db93d873e4c48a7f290N.exe	36
PID 2692 wrote to memory of 2168	2692	313539f25ad79db93d873e4c48a7f290N.exe	36
PID 2692 wrote to memory of 2168	2692	313539f25ad79db93d873e4c48a7f290N.exe	36
PID 2856 wrote to memory of 2084	2856	313539f25ad79db93d873e4c48a7f290N.exe	38
PID 2856 wrote to memory of 2084	2856	313539f25ad79db93d873e4c48a7f290N.exe	38
PID 2856 wrote to memory of 2084	2856	313539f25ad79db93d873e4c48a7f290N.exe	38
PID 2856 wrote to memory of 2084	2856	313539f25ad79db93d873e4c48a7f290N.exe	38
PID 2172 wrote to memory of 2640	2172	313539f25ad79db93d873e4c48a7f290N.exe	39
PID 2172 wrote to memory of 2640	2172	313539f25ad79db93d873e4c48a7f290N.exe	39
PID 2172 wrote to memory of 2640	2172	313539f25ad79db93d873e4c48a7f290N.exe	39
PID 2172 wrote to memory of 2640	2172	313539f25ad79db93d873e4c48a7f290N.exe	39
PID 1248 wrote to memory of 1576	1248	313539f25ad79db93d873e4c48a7f290N.exe	40
PID 1248 wrote to memory of 1576	1248	313539f25ad79db93d873e4c48a7f290N.exe	40
PID 1248 wrote to memory of 1576	1248	313539f25ad79db93d873e4c48a7f290N.exe	40
PID 1248 wrote to memory of 1576	1248	313539f25ad79db93d873e4c48a7f290N.exe	40
PID 3064 wrote to memory of 2844	3064	313539f25ad79db93d873e4c48a7f290N.exe	37
PID 3064 wrote to memory of 2844	3064	313539f25ad79db93d873e4c48a7f290N.exe	37
PID 3064 wrote to memory of 2844	3064	313539f25ad79db93d873e4c48a7f290N.exe	37
PID 3064 wrote to memory of 2844	3064	313539f25ad79db93d873e4c48a7f290N.exe	37
PID 3016 wrote to memory of 264	3016	313539f25ad79db93d873e4c48a7f290N.exe	41
PID 3016 wrote to memory of 264	3016	313539f25ad79db93d873e4c48a7f290N.exe	41
PID 3016 wrote to memory of 264	3016	313539f25ad79db93d873e4c48a7f290N.exe	41
PID 3016 wrote to memory of 264	3016	313539f25ad79db93d873e4c48a7f290N.exe	41
PID 2168 wrote to memory of 3048	2168	313539f25ad79db93d873e4c48a7f290N.exe	42
PID 2168 wrote to memory of 3048	2168	313539f25ad79db93d873e4c48a7f290N.exe	42
PID 2168 wrote to memory of 3048	2168	313539f25ad79db93d873e4c48a7f290N.exe	42
PID 2168 wrote to memory of 3048	2168	313539f25ad79db93d873e4c48a7f290N.exe	42
PID 2692 wrote to memory of 2088	2692	313539f25ad79db93d873e4c48a7f290N.exe	43
PID 2692 wrote to memory of 2088	2692	313539f25ad79db93d873e4c48a7f290N.exe	43
PID 2692 wrote to memory of 2088	2692	313539f25ad79db93d873e4c48a7f290N.exe	43
PID 2692 wrote to memory of 2088	2692	313539f25ad79db93d873e4c48a7f290N.exe	43
PID 2632 wrote to memory of 2340	2632	313539f25ad79db93d873e4c48a7f290N.exe	44
PID 2632 wrote to memory of 2340	2632	313539f25ad79db93d873e4c48a7f290N.exe	44
PID 2632 wrote to memory of 2340	2632	313539f25ad79db93d873e4c48a7f290N.exe	44
PID 2632 wrote to memory of 2340	2632	313539f25ad79db93d873e4c48a7f290N.exe	44
PID 2640 wrote to memory of 2948	2640	313539f25ad79db93d873e4c48a7f290N.exe	45
PID 2640 wrote to memory of 2948	2640	313539f25ad79db93d873e4c48a7f290N.exe	45
PID 2640 wrote to memory of 2948	2640	313539f25ad79db93d873e4c48a7f290N.exe	45
PID 2640 wrote to memory of 2948	2640	313539f25ad79db93d873e4c48a7f290N.exe	45

C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
"C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        10⤵
        
        PID:22152
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:24116
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:21648
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:21160
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:22416
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:22144
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:21092
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:24180
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:21296
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:17736
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:22124
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:22052
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:22432
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:24596
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22168
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24188
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23628
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23724
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:21152
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:19272
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:21288
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:23692
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:22296
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:24312
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24588
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:23668
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:24552
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22368
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:22004
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23708
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:17776
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:24060
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:24012
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:20776
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22176
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:22236
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:19748
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:18668
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22084
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:24140
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16580
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:19560
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:22020
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:22320
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:24528
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:20840
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:24560
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22160
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23988
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24240
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24100
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:23700
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22424
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:19296
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22328
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23740
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22344
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:24536
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:19600
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13476
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:23948
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:22304
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22076
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22288
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22092
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16664
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22484
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:21692
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:23392
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:17124
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22012
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22116
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24204
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22044
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:21672
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24544
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:13532
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:18632
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:21168
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:8676
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:16784
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:24300
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1248
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        9⤵
        
        PID:19280
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:21700
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:24604
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22336
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:17768
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:17636
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24092
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:23716
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:22036
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:24108
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:21552
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22192
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:22228
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24344
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22244
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23956
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:17644
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22184
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:23972
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24512
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:21176
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:18652
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:22376
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        8⤵
        
        PID:24520
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:19288
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:20176
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24132
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22352
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:21192
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:22100
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22408
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:24264
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:21272
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:23964
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:24156
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:22280
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22132
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:21640
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:24568
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:13952
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24232
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:24076
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:20656
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:12768
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:18308
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:16516
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:24488
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:8088
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:13392
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:1984
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2168
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23368
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:23980
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23796
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:20208
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:21136
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12696
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:24124
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:19336
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12376
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22600
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:16792
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23376
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:21184
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22384
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:18320
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:23844
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22220
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22996
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:22392
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:21680
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:22252
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:22200
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:21280
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:8692
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:16760
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:236
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        7⤵
        
        PID:23732
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:21144
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:23384
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22260
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        6⤵
        
        PID:24084
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22360
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22468
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:16656
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:21664
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:24148
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22272
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:10760
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:22212
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:24480
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:16964
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:13764
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1896
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22400
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:23812
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:13336
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:24504
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:3312
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:3940
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:8720
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:19576
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3520
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
        5⤵
        
        PID:22828
  - - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
      "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
      4⤵
      PID:16268
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:7572
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:12516
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:22312
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  PID:4424
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:7672
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:12688
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:16720
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:12760
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  PID:6876
- - C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
    "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
    3⤵
    PID:13936
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  PID:11292
- C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe
  "C:\Users\Admin\AppData\Local\Temp\313539f25ad79db93d873e4c48a7f290N.exe"
  2⤵
  PID:22440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\asian bukkake animal hot (!) (Karin,Sonja).mpg.exe

Filesize
1.9MB

MD5
bc023f39450d5698007b92116bc992b7

SHA1
5fa1a67f38949e7500326182e0000fa8ebc620a4

SHA256
a73a699039a3ef77f7e4b0bcd2682574ecd5b71e3bc6cd80433646cdd4d97f52

SHA512
b90d0de573b79507813d165aea1954059e920002eac773dec6a9f78f6f07c50658a2ce808f7402f8194bad989d76c57b59873c799775546346e2f39c9477db8b

Download Submit
C:\debug.txt

Filesize
183B

MD5
db8813c1e38b1533a53d6059237253aa

SHA1
650a698eaac27140afc9f6db11a981cc56b44313

SHA256
b99513e311d819bacd71af12fa5c084b746221d11b4f6dd103a379db457869f6

SHA512
70bb8befa84445e66231c01b4ba3e479a1b8d95502f4c86d86ff2e179017afcce2e8fdce827c8332c1231210e4ad43ece2a880a3f6867f4a16d360d3f091eb06

Download Submit
memory/236-167-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/236-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/264-171-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/276-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/552-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/584-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/968-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1040-114-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1128-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1248-91-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1248-89-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1276-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1276-174-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1484-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1508-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1508-162-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1528-158-0x0000000001ED0000-0x0000000001EFB000-memory.dmp

Filesize
172KB

Download
memory/1528-127-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1532-156-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1532-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1544-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1576-102-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/1720-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1720-125-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1724-140-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1724-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1896-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2036-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2036-119-0x0000000001EA0000-0x0000000001ECB000-memory.dmp

Filesize
172KB

Download
memory/2084-100-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2084-121-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2088-164-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2088-136-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2088-112-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2116-165-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2140-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2168-168-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2168-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2172-96-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/2172-169-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2172-88-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2172-139-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2172-90-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/2188-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2192-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2192-141-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2336-133-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2340-166-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2352-157-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2352-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2364-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2424-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2456-155-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2456-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2460-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2488-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2504-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2632-153-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2632-178-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2640-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2640-99-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2640-126-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2672-160-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/2672-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2692-116-0x00000000057B0000-0x00000000057DB000-memory.dmp

Filesize
172KB

Download
memory/2692-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2692-65-0x0000000005370000-0x000000000539B000-memory.dmp

Filesize
172KB

Download
memory/2692-154-0x00000000057B0000-0x00000000057DB000-memory.dmp

Filesize
172KB

Download
memory/2692-180-0x0000000005370000-0x000000000539B000-memory.dmp

Filesize
172KB

Download
memory/2692-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2692-179-0x00000000057B0000-0x00000000057DB000-memory.dmp

Filesize
172KB

Download
memory/2700-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2796-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2796-173-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2808-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2808-161-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2844-142-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/2844-172-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/2856-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2856-103-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/2856-95-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2912-159-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2912-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2928-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2948-122-0x00000000044F0000-0x000000000451B000-memory.dmp

Filesize
172KB

Download
memory/2948-163-0x0000000004500000-0x000000000452B000-memory.dmp

Filesize
172KB

Download
memory/2968-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3016-66-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3016-87-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/3016-138-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/3016-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3016-182-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/3048-137-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/3064-144-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/3064-94-0x00000000045D0000-0x00000000045FB000-memory.dmp

Filesize
172KB

Download
memory/3064-170-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download