6c9cef23724d5919232540a62618ba59aa6ee7bb4d64998b9536aaee83b906bd

Analysis

max time kernel
21s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5390930c5cf95c88ff511fc21a70f8e0N.exe
Size

107KB
MD5

5390930c5cf95c88ff511fc21a70f8e0
SHA1

f74951d2f39d206d1327b5cb21dbec0de0c6f227
SHA256

6c9cef23724d5919232540a62618ba59aa6ee7bb4d64998b9536aaee83b906bd
SHA512

9bd29a2a07772ba43732f145489c5929f52ca9bd2bba8de49864d4b28f409e9475011af970328ab47bfae1223b3db4347966cdee938223513548a388f67f3e56
SSDEEP

3072:djzhZWxivgmhbI/pqqsFUCN3R9MI+QBzK09y:dXC4vgmhbIxs3NBRxvy

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5390930c5cf95c88ff511fc21a70f8e0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\I:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\L:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\M:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\P:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\A:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\K:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\O:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\Q:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\U:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\V:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\B:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\G:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\H:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\N:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\R:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\S:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\W:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\Y:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\Z:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\J:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\T:	5390930c5cf95c88ff511fc21a70f8e0N.exe
File opened (read-only)	\??\X:	5390930c5cf95c88ff511fc21a70f8e0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\lingerie [bangbus] (Melissa).mpg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\bukkake lesbian feet .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian gang bang sperm girls titts .mpg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\System32\DriverStore\Temp\danish kicking lesbian licking gorgeoushorny .mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish nude beast uncut glans young (Melissa).mpg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian action gay [milf] redhair .rar.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\xxx uncut latex .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\SysWOW64\IME\shared\bukkake [bangbus] mature .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore big traffic .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob uncut (Melissa).mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\swedish nude bukkake licking girly .mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie uncut cock .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\black horse fucking [free] (Janette).mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Google\Temp\fucking masturbation fishy .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\american nude lingerie [free] young .mpg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\hardcore masturbation hole circumcision .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\black fetish gay sleeping (Samantha).zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\japanese action gay big femdom .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish nude bukkake catfight feet ash (Curtney).avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black kicking trambling hidden fishy (Gina,Melissa).rar.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx hidden .mpg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\hardcore full movie hole penetration .rar.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian animal lingerie masturbation (Karin).rar.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian nude blowjob [free] ¤ã .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\xxx girls cock swallow .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe

Drops file in Windows directory 33 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian horse fucking voyeur (Melissa).mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black porn hardcore girls glans .rar.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\SoftwareDistribution\Download\sperm public cock sm .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\danish gang bang sperm public glans .mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese nude horse hidden redhair .mpg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian masturbation feet .rar.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\trambling full movie mistress .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\xxx [milf] mistress .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\american gang bang bukkake full movie hole .mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\sperm big high heels .rar.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\temp\russian kicking trambling girls latex (Anniston,Karin).zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american nude lesbian licking glans .mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\mssrv.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish fetish hardcore girls swallow .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\swedish fetish hardcore catfight cock sweet (Melissa).avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\swedish cum sperm full movie hole sm .rar.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\PLA\Templates\brasilian action xxx lesbian shower .rar.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian handjob gay big hairy .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian cumshot lingerie girls hole YEâPSè& .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian handjob gay [bangbus] bedroom .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\lingerie licking 40+ .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\blowjob masturbation cock bedroom .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\japanese cumshot trambling catfight femdom .mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese blowjob [free] cock penetration (Karin).zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\tmp\bukkake masturbation (Karin).zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\tyrkish handjob blowjob lesbian blondie .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\xxx [milf] mature .mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\italian fetish horse hot (!) hole leather .zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\horse girls YEâPSè& .mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish horse sperm girls hole .mpeg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\Downloaded Program Files\xxx catfight granny .avi.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\horse sleeping feet .mpg.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe
File created	C:\Windows\security\templates\russian handjob horse licking (Liz).zip.exe	5390930c5cf95c88ff511fc21a70f8e0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 52 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5390930c5cf95c88ff511fc21a70f8e0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2244	5390930c5cf95c88ff511fc21a70f8e0N.exe
2484	5390930c5cf95c88ff511fc21a70f8e0N.exe
2244	5390930c5cf95c88ff511fc21a70f8e0N.exe
2648	5390930c5cf95c88ff511fc21a70f8e0N.exe
2708	5390930c5cf95c88ff511fc21a70f8e0N.exe
2484	5390930c5cf95c88ff511fc21a70f8e0N.exe
2244	5390930c5cf95c88ff511fc21a70f8e0N.exe
3044	5390930c5cf95c88ff511fc21a70f8e0N.exe
832	5390930c5cf95c88ff511fc21a70f8e0N.exe
2648	5390930c5cf95c88ff511fc21a70f8e0N.exe
2244	5390930c5cf95c88ff511fc21a70f8e0N.exe
1832	5390930c5cf95c88ff511fc21a70f8e0N.exe
2484	5390930c5cf95c88ff511fc21a70f8e0N.exe
2108	5390930c5cf95c88ff511fc21a70f8e0N.exe
2708	5390930c5cf95c88ff511fc21a70f8e0N.exe
3012	5390930c5cf95c88ff511fc21a70f8e0N.exe
3060	5390930c5cf95c88ff511fc21a70f8e0N.exe
3052	5390930c5cf95c88ff511fc21a70f8e0N.exe
2448	5390930c5cf95c88ff511fc21a70f8e0N.exe
3044	5390930c5cf95c88ff511fc21a70f8e0N.exe
2648	5390930c5cf95c88ff511fc21a70f8e0N.exe
2244	5390930c5cf95c88ff511fc21a70f8e0N.exe
3040	5390930c5cf95c88ff511fc21a70f8e0N.exe
832	5390930c5cf95c88ff511fc21a70f8e0N.exe
2484	5390930c5cf95c88ff511fc21a70f8e0N.exe
1832	5390930c5cf95c88ff511fc21a70f8e0N.exe
2600	5390930c5cf95c88ff511fc21a70f8e0N.exe
1384	5390930c5cf95c88ff511fc21a70f8e0N.exe
2708	5390930c5cf95c88ff511fc21a70f8e0N.exe
3000	5390930c5cf95c88ff511fc21a70f8e0N.exe
2108	5390930c5cf95c88ff511fc21a70f8e0N.exe
2588	5390930c5cf95c88ff511fc21a70f8e0N.exe
2520	5390930c5cf95c88ff511fc21a70f8e0N.exe
3012	5390930c5cf95c88ff511fc21a70f8e0N.exe
3044	5390930c5cf95c88ff511fc21a70f8e0N.exe
2648	5390930c5cf95c88ff511fc21a70f8e0N.exe
2504	5390930c5cf95c88ff511fc21a70f8e0N.exe
2204	5390930c5cf95c88ff511fc21a70f8e0N.exe
904	5390930c5cf95c88ff511fc21a70f8e0N.exe
2244	5390930c5cf95c88ff511fc21a70f8e0N.exe
3052	5390930c5cf95c88ff511fc21a70f8e0N.exe
3060	5390930c5cf95c88ff511fc21a70f8e0N.exe
2448	5390930c5cf95c88ff511fc21a70f8e0N.exe
2476	5390930c5cf95c88ff511fc21a70f8e0N.exe
2356	5390930c5cf95c88ff511fc21a70f8e0N.exe
832	5390930c5cf95c88ff511fc21a70f8e0N.exe
1884	5390930c5cf95c88ff511fc21a70f8e0N.exe
1816	5390930c5cf95c88ff511fc21a70f8e0N.exe
1816	5390930c5cf95c88ff511fc21a70f8e0N.exe
1032	5390930c5cf95c88ff511fc21a70f8e0N.exe
1032	5390930c5cf95c88ff511fc21a70f8e0N.exe
1716	5390930c5cf95c88ff511fc21a70f8e0N.exe
1716	5390930c5cf95c88ff511fc21a70f8e0N.exe
2484	5390930c5cf95c88ff511fc21a70f8e0N.exe
2484	5390930c5cf95c88ff511fc21a70f8e0N.exe
1644	5390930c5cf95c88ff511fc21a70f8e0N.exe
1644	5390930c5cf95c88ff511fc21a70f8e0N.exe
2708	5390930c5cf95c88ff511fc21a70f8e0N.exe
2708	5390930c5cf95c88ff511fc21a70f8e0N.exe
1356	5390930c5cf95c88ff511fc21a70f8e0N.exe
1356	5390930c5cf95c88ff511fc21a70f8e0N.exe
1508	5390930c5cf95c88ff511fc21a70f8e0N.exe
1508	5390930c5cf95c88ff511fc21a70f8e0N.exe
1592	5390930c5cf95c88ff511fc21a70f8e0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2484	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	30
PID 2244 wrote to memory of 2484	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	30
PID 2244 wrote to memory of 2484	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	30
PID 2244 wrote to memory of 2484	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	30
PID 2484 wrote to memory of 2648	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	31
PID 2484 wrote to memory of 2648	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	31
PID 2484 wrote to memory of 2648	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	31
PID 2484 wrote to memory of 2648	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	31
PID 2244 wrote to memory of 2708	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	32
PID 2244 wrote to memory of 2708	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	32
PID 2244 wrote to memory of 2708	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	32
PID 2244 wrote to memory of 2708	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	32
PID 2648 wrote to memory of 3044	2648	5390930c5cf95c88ff511fc21a70f8e0N.exe	33
PID 2648 wrote to memory of 3044	2648	5390930c5cf95c88ff511fc21a70f8e0N.exe	33
PID 2648 wrote to memory of 3044	2648	5390930c5cf95c88ff511fc21a70f8e0N.exe	33
PID 2648 wrote to memory of 3044	2648	5390930c5cf95c88ff511fc21a70f8e0N.exe	33
PID 2484 wrote to memory of 832	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	34
PID 2484 wrote to memory of 832	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	34
PID 2484 wrote to memory of 832	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	34
PID 2484 wrote to memory of 832	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	34
PID 2244 wrote to memory of 1832	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	35
PID 2244 wrote to memory of 1832	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	35
PID 2244 wrote to memory of 1832	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	35
PID 2244 wrote to memory of 1832	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	35
PID 2708 wrote to memory of 2108	2708	5390930c5cf95c88ff511fc21a70f8e0N.exe	36
PID 2708 wrote to memory of 2108	2708	5390930c5cf95c88ff511fc21a70f8e0N.exe	36
PID 2708 wrote to memory of 2108	2708	5390930c5cf95c88ff511fc21a70f8e0N.exe	36
PID 2708 wrote to memory of 2108	2708	5390930c5cf95c88ff511fc21a70f8e0N.exe	36
PID 3044 wrote to memory of 3012	3044	5390930c5cf95c88ff511fc21a70f8e0N.exe	37
PID 3044 wrote to memory of 3012	3044	5390930c5cf95c88ff511fc21a70f8e0N.exe	37
PID 3044 wrote to memory of 3012	3044	5390930c5cf95c88ff511fc21a70f8e0N.exe	37
PID 3044 wrote to memory of 3012	3044	5390930c5cf95c88ff511fc21a70f8e0N.exe	37
PID 2648 wrote to memory of 3060	2648	5390930c5cf95c88ff511fc21a70f8e0N.exe	38
PID 2648 wrote to memory of 3060	2648	5390930c5cf95c88ff511fc21a70f8e0N.exe	38
PID 2648 wrote to memory of 3060	2648	5390930c5cf95c88ff511fc21a70f8e0N.exe	38
PID 2648 wrote to memory of 3060	2648	5390930c5cf95c88ff511fc21a70f8e0N.exe	38
PID 832 wrote to memory of 2448	832	5390930c5cf95c88ff511fc21a70f8e0N.exe	39
PID 832 wrote to memory of 2448	832	5390930c5cf95c88ff511fc21a70f8e0N.exe	39
PID 832 wrote to memory of 2448	832	5390930c5cf95c88ff511fc21a70f8e0N.exe	39
PID 832 wrote to memory of 2448	832	5390930c5cf95c88ff511fc21a70f8e0N.exe	39
PID 2244 wrote to memory of 3052	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	40
PID 2244 wrote to memory of 3052	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	40
PID 2244 wrote to memory of 3052	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	40
PID 2244 wrote to memory of 3052	2244	5390930c5cf95c88ff511fc21a70f8e0N.exe	40
PID 2484 wrote to memory of 3040	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	41
PID 2484 wrote to memory of 3040	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	41
PID 2484 wrote to memory of 3040	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	41
PID 2484 wrote to memory of 3040	2484	5390930c5cf95c88ff511fc21a70f8e0N.exe	41
PID 2708 wrote to memory of 1384	2708	5390930c5cf95c88ff511fc21a70f8e0N.exe	42
PID 2708 wrote to memory of 1384	2708	5390930c5cf95c88ff511fc21a70f8e0N.exe	42
PID 2708 wrote to memory of 1384	2708	5390930c5cf95c88ff511fc21a70f8e0N.exe	42
PID 2708 wrote to memory of 1384	2708	5390930c5cf95c88ff511fc21a70f8e0N.exe	42
PID 1832 wrote to memory of 2600	1832	5390930c5cf95c88ff511fc21a70f8e0N.exe	43
PID 1832 wrote to memory of 2600	1832	5390930c5cf95c88ff511fc21a70f8e0N.exe	43
PID 1832 wrote to memory of 2600	1832	5390930c5cf95c88ff511fc21a70f8e0N.exe	43
PID 1832 wrote to memory of 2600	1832	5390930c5cf95c88ff511fc21a70f8e0N.exe	43
PID 2108 wrote to memory of 3000	2108	5390930c5cf95c88ff511fc21a70f8e0N.exe	44
PID 2108 wrote to memory of 3000	2108	5390930c5cf95c88ff511fc21a70f8e0N.exe	44
PID 2108 wrote to memory of 3000	2108	5390930c5cf95c88ff511fc21a70f8e0N.exe	44
PID 2108 wrote to memory of 3000	2108	5390930c5cf95c88ff511fc21a70f8e0N.exe	44
PID 3012 wrote to memory of 2588	3012	5390930c5cf95c88ff511fc21a70f8e0N.exe	45
PID 3012 wrote to memory of 2588	3012	5390930c5cf95c88ff511fc21a70f8e0N.exe	45
PID 3012 wrote to memory of 2588	3012	5390930c5cf95c88ff511fc21a70f8e0N.exe	45
PID 3012 wrote to memory of 2588	3012	5390930c5cf95c88ff511fc21a70f8e0N.exe	45

C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
"C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        9⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        10⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9220
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:7832
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9412
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:10556
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9688
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6828
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9944
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:8628
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8164
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9752
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:8604
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:10724
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9148
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9164
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:5368
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:8612
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        7⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9372
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:10624
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:10548
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9404
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:8588
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:6192
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:9396
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        6⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:10368
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:10488
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:8456
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9132
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:4988
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:7488
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:924
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
        5⤵
        
        PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9380
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:9140
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:5140
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:8492
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1776
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:10512
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
      4⤵
      PID:8796
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:8620
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  PID:3372
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:5636
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:10376
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  PID:4740
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:9000
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  PID:6984
- - C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
    3⤵
    PID:10648
- C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\5390930c5cf95c88ff511fc21a70f8e0N.exe"
  2⤵
  PID:9188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie uncut cock .zip.exe

Filesize
590KB

MD5
5e410fd9b8d685afc78c009a46e66efd

SHA1
ee892a6f5da8e1f906bd24ba4c631a805ae57d02

SHA256
bba5e20eb4faed40519d21acedba54a334967feffd0648c71a4aec01ac9dcf9d

SHA512
2f18ebd2f09108e8b57df131c14fd0f78d932b8be8015d54d81df0d8e3d883481dffad67e10917609443850989c3c844b5e37e8f4cb578b4b1778edfed0c9954

Download Submit