c52426433d41ec53174953de268577b6f1e179767de3a01152936533ab008ab7

Analysis

max time kernel
28s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-07-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

118776b114d3fb8232e07fce421214b0N.exe
Size

2.0MB
MD5

118776b114d3fb8232e07fce421214b0
SHA1

174454039675e59d09b2538451afd3f1ec9b82a1
SHA256

c52426433d41ec53174953de268577b6f1e179767de3a01152936533ab008ab7
SHA512

da867a62edc0cb1caeef4fd3914fe634b8d303b2a2d6d6e0ccc11fbc79978e3fe2c8b623e7e2cc5cde376174508f06c13b0c172ee23e8ea208b7f699ea89d2d4
SSDEEP

49152:V41xsZgM/FkKCnMRhbL6su1MglBXSecjDUs8AtGtrEZAgok70bo:q1xutkdnMzijqgltSTjDH8AtGZEbv0M

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	118776b114d3fb8232e07fce421214b0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\N:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\Q:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\R:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\X:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\B:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\H:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\K:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\L:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\T:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\V:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\Y:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\E:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\I:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\M:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\P:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\S:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\U:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\A:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\O:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\W:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\Z:	118776b114d3fb8232e07fce421214b0N.exe
File opened (read-only)	\??\J:	118776b114d3fb8232e07fce421214b0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish sperm [milf] .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\IME\shared\spanish trambling [free] feet gorgeoushorny .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\IME\shared\chinese porn lesbian penetration .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm fetish public vagina fishy .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black cum kicking masturbation penetration (Karin,Christine).avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian bukkake lingerie full movie nipples beautyfull .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian lesbian masturbation castration .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\porn big nipples mistress .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob sleeping nipples (Sonja,Janette).avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\System32\DriverStore\Temp\fetish [free] sm (Karin).mpg.exe	118776b114d3fb8232e07fce421214b0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\german beast hot (!) .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian beast horse full movie upskirt (Christine).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\bukkake animal licking titts YEâPSè& .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\asian gang bang sperm uncut upskirt (Britney,Ashley).rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\DVD Maker\Shared\lesbian [free] .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Google\Temp\british hardcore hardcore masturbation bedroom .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\canadian xxx fetish hot (!) balls .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\japanese lingerie uncut latex (Gina,Kathrin).rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\asian gang bang hidden gorgeoushorny .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\horse hardcore hidden shower (Jade,Jade).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\hardcore masturbation bondage .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\british blowjob bukkake voyeur swallow .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\asian kicking nude full movie YEâPSè& .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\chinese gang bang porn girls fishy .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore catfight .rar.exe	118776b114d3fb8232e07fce421214b0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\lingerie horse uncut .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\japanese sperm uncut hotel (Janette).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\african gang bang bukkake public latex (Melissa).mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\canadian sperm action several models titts .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\malaysia handjob porn masturbation gorgeoushorny .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\gay blowjob lesbian mature .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\handjob trambling [milf] gorgeoushorny .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\british fucking lesbian .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\british lingerie hidden shoes .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\fucking hidden hole hairy .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\chinese kicking licking upskirt .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\african lingerie public stockings .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\sperm beastiality licking lady .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\gang bang several models nipples stockings (Tatjana).rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\black porn voyeur boobs .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian action cumshot hot (!) vagina sweet .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\malaysia trambling catfight cock .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\handjob porn licking .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\hardcore lingerie public black hairunshaved .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\german cumshot beastiality [milf] boobs mistress (Ashley,Karin).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\russian horse voyeur .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\italian sperm hot (!) .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\malaysia lingerie [bangbus] redhair .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\norwegian cumshot lesbian full movie ìï (Sandy).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\italian hardcore hidden high heels (Sonja).mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\british gay uncut bedroom (Anniston,Sonja).mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\gang bang uncut ash .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\swedish xxx catfight (Sylvia).rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\SoftwareDistribution\Download\italian lesbian sperm licking titts stockings .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian trambling kicking sleeping hole black hairunshaved .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fucking fucking girls hole high heels (Melissa,Sandy).avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\brasilian hardcore [free] (Curtney,Sarah).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\handjob fetish hidden hairy .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\black handjob action masturbation feet ash .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\tyrkish xxx public hole young .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\german handjob beast girls lady .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\kicking [milf] lady .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\american cumshot uncut lady .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\brasilian blowjob sleeping granny .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\porn gay hidden boobs traffic (Christine).avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\russian kicking licking shoes .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\blowjob blowjob [bangbus] hairy .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese sperm bukkake catfight feet .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\american blowjob fucking sleeping .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\action several models redhair .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\russian hardcore several models hairy .rar.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\asian fetish [milf] .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american gay girls lady (Sarah).zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\tyrkish animal beastiality sleeping glans sm .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\horse horse [milf] .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\animal action hidden (Jenna).avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\animal masturbation feet hairy (Sarah,Sonja).zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\chinese animal voyeur feet .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\indian nude cum masturbation hole blondie .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\fetish xxx full movie boobs (Sylvia).avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\gang bang public hotel (Jade).avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\african nude full movie .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\InstallTemp\horse handjob catfight legs .mpg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\french handjob nude [milf] .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\spanish bukkake [free] (Gina,Liz).mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\bukkake hot (!) hole lady .zip.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\beastiality handjob lesbian .mpeg.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\beastiality voyeur leather .avi.exe	118776b114d3fb8232e07fce421214b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\asian hardcore bukkake hot (!) swallow .avi.exe	118776b114d3fb8232e07fce421214b0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	118776b114d3fb8232e07fce421214b0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2188	118776b114d3fb8232e07fce421214b0N.exe
2652	118776b114d3fb8232e07fce421214b0N.exe
2188	118776b114d3fb8232e07fce421214b0N.exe
2884	118776b114d3fb8232e07fce421214b0N.exe
2652	118776b114d3fb8232e07fce421214b0N.exe
376	118776b114d3fb8232e07fce421214b0N.exe
2188	118776b114d3fb8232e07fce421214b0N.exe
1760	118776b114d3fb8232e07fce421214b0N.exe
1772	118776b114d3fb8232e07fce421214b0N.exe
2884	118776b114d3fb8232e07fce421214b0N.exe
1896	118776b114d3fb8232e07fce421214b0N.exe
2652	118776b114d3fb8232e07fce421214b0N.exe
376	118776b114d3fb8232e07fce421214b0N.exe
2188	118776b114d3fb8232e07fce421214b0N.exe
2280	118776b114d3fb8232e07fce421214b0N.exe
2520	118776b114d3fb8232e07fce421214b0N.exe
2592	118776b114d3fb8232e07fce421214b0N.exe
1760	118776b114d3fb8232e07fce421214b0N.exe
536	118776b114d3fb8232e07fce421214b0N.exe
2884	118776b114d3fb8232e07fce421214b0N.exe
484	118776b114d3fb8232e07fce421214b0N.exe
1772	118776b114d3fb8232e07fce421214b0N.exe
1896	118776b114d3fb8232e07fce421214b0N.exe
1908	118776b114d3fb8232e07fce421214b0N.exe
2652	118776b114d3fb8232e07fce421214b0N.exe
376	118776b114d3fb8232e07fce421214b0N.exe
2188	118776b114d3fb8232e07fce421214b0N.exe
2472	118776b114d3fb8232e07fce421214b0N.exe
2620	118776b114d3fb8232e07fce421214b0N.exe
2392	118776b114d3fb8232e07fce421214b0N.exe
2280	118776b114d3fb8232e07fce421214b0N.exe
2404	118776b114d3fb8232e07fce421214b0N.exe
328	118776b114d3fb8232e07fce421214b0N.exe
1156	118776b114d3fb8232e07fce421214b0N.exe
2520	118776b114d3fb8232e07fce421214b0N.exe
1832	118776b114d3fb8232e07fce421214b0N.exe
1760	118776b114d3fb8232e07fce421214b0N.exe
2592	118776b114d3fb8232e07fce421214b0N.exe
300	118776b114d3fb8232e07fce421214b0N.exe
2884	118776b114d3fb8232e07fce421214b0N.exe
536	118776b114d3fb8232e07fce421214b0N.exe
536	118776b114d3fb8232e07fce421214b0N.exe
1772	118776b114d3fb8232e07fce421214b0N.exe
1772	118776b114d3fb8232e07fce421214b0N.exe
944	118776b114d3fb8232e07fce421214b0N.exe
944	118776b114d3fb8232e07fce421214b0N.exe
3060	118776b114d3fb8232e07fce421214b0N.exe
3060	118776b114d3fb8232e07fce421214b0N.exe
1860	118776b114d3fb8232e07fce421214b0N.exe
1860	118776b114d3fb8232e07fce421214b0N.exe
1012	118776b114d3fb8232e07fce421214b0N.exe
1012	118776b114d3fb8232e07fce421214b0N.exe
2652	118776b114d3fb8232e07fce421214b0N.exe
2652	118776b114d3fb8232e07fce421214b0N.exe
376	118776b114d3fb8232e07fce421214b0N.exe
376	118776b114d3fb8232e07fce421214b0N.exe
3052	118776b114d3fb8232e07fce421214b0N.exe
3052	118776b114d3fb8232e07fce421214b0N.exe
1532	118776b114d3fb8232e07fce421214b0N.exe
1532	118776b114d3fb8232e07fce421214b0N.exe
1908	118776b114d3fb8232e07fce421214b0N.exe
1908	118776b114d3fb8232e07fce421214b0N.exe
1896	118776b114d3fb8232e07fce421214b0N.exe
484	118776b114d3fb8232e07fce421214b0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2652	2188	118776b114d3fb8232e07fce421214b0N.exe	30
PID 2188 wrote to memory of 2652	2188	118776b114d3fb8232e07fce421214b0N.exe	30
PID 2188 wrote to memory of 2652	2188	118776b114d3fb8232e07fce421214b0N.exe	30
PID 2188 wrote to memory of 2652	2188	118776b114d3fb8232e07fce421214b0N.exe	30
PID 2652 wrote to memory of 2884	2652	118776b114d3fb8232e07fce421214b0N.exe	31
PID 2652 wrote to memory of 2884	2652	118776b114d3fb8232e07fce421214b0N.exe	31
PID 2652 wrote to memory of 2884	2652	118776b114d3fb8232e07fce421214b0N.exe	31
PID 2652 wrote to memory of 2884	2652	118776b114d3fb8232e07fce421214b0N.exe	31
PID 2188 wrote to memory of 376	2188	118776b114d3fb8232e07fce421214b0N.exe	32
PID 2188 wrote to memory of 376	2188	118776b114d3fb8232e07fce421214b0N.exe	32
PID 2188 wrote to memory of 376	2188	118776b114d3fb8232e07fce421214b0N.exe	32
PID 2188 wrote to memory of 376	2188	118776b114d3fb8232e07fce421214b0N.exe	32
PID 2884 wrote to memory of 1760	2884	118776b114d3fb8232e07fce421214b0N.exe	33
PID 2884 wrote to memory of 1760	2884	118776b114d3fb8232e07fce421214b0N.exe	33
PID 2884 wrote to memory of 1760	2884	118776b114d3fb8232e07fce421214b0N.exe	33
PID 2884 wrote to memory of 1760	2884	118776b114d3fb8232e07fce421214b0N.exe	33
PID 2652 wrote to memory of 1772	2652	118776b114d3fb8232e07fce421214b0N.exe	34
PID 2652 wrote to memory of 1772	2652	118776b114d3fb8232e07fce421214b0N.exe	34
PID 2652 wrote to memory of 1772	2652	118776b114d3fb8232e07fce421214b0N.exe	34
PID 2652 wrote to memory of 1772	2652	118776b114d3fb8232e07fce421214b0N.exe	34
PID 376 wrote to memory of 1896	376	118776b114d3fb8232e07fce421214b0N.exe	35
PID 376 wrote to memory of 1896	376	118776b114d3fb8232e07fce421214b0N.exe	35
PID 376 wrote to memory of 1896	376	118776b114d3fb8232e07fce421214b0N.exe	35
PID 376 wrote to memory of 1896	376	118776b114d3fb8232e07fce421214b0N.exe	35
PID 2188 wrote to memory of 2280	2188	118776b114d3fb8232e07fce421214b0N.exe	36
PID 2188 wrote to memory of 2280	2188	118776b114d3fb8232e07fce421214b0N.exe	36
PID 2188 wrote to memory of 2280	2188	118776b114d3fb8232e07fce421214b0N.exe	36
PID 2188 wrote to memory of 2280	2188	118776b114d3fb8232e07fce421214b0N.exe	36
PID 1760 wrote to memory of 2520	1760	118776b114d3fb8232e07fce421214b0N.exe	37
PID 1760 wrote to memory of 2520	1760	118776b114d3fb8232e07fce421214b0N.exe	37
PID 1760 wrote to memory of 2520	1760	118776b114d3fb8232e07fce421214b0N.exe	37
PID 1760 wrote to memory of 2520	1760	118776b114d3fb8232e07fce421214b0N.exe	37
PID 2884 wrote to memory of 2592	2884	118776b114d3fb8232e07fce421214b0N.exe	38
PID 2884 wrote to memory of 2592	2884	118776b114d3fb8232e07fce421214b0N.exe	38
PID 2884 wrote to memory of 2592	2884	118776b114d3fb8232e07fce421214b0N.exe	38
PID 2884 wrote to memory of 2592	2884	118776b114d3fb8232e07fce421214b0N.exe	38
PID 1772 wrote to memory of 536	1772	118776b114d3fb8232e07fce421214b0N.exe	39
PID 1772 wrote to memory of 536	1772	118776b114d3fb8232e07fce421214b0N.exe	39
PID 1772 wrote to memory of 536	1772	118776b114d3fb8232e07fce421214b0N.exe	39
PID 1772 wrote to memory of 536	1772	118776b114d3fb8232e07fce421214b0N.exe	39
PID 1896 wrote to memory of 484	1896	118776b114d3fb8232e07fce421214b0N.exe	40
PID 1896 wrote to memory of 484	1896	118776b114d3fb8232e07fce421214b0N.exe	40
PID 1896 wrote to memory of 484	1896	118776b114d3fb8232e07fce421214b0N.exe	40
PID 1896 wrote to memory of 484	1896	118776b114d3fb8232e07fce421214b0N.exe	40
PID 2652 wrote to memory of 2472	2652	118776b114d3fb8232e07fce421214b0N.exe	41
PID 2652 wrote to memory of 2472	2652	118776b114d3fb8232e07fce421214b0N.exe	41
PID 2652 wrote to memory of 2472	2652	118776b114d3fb8232e07fce421214b0N.exe	41
PID 2652 wrote to memory of 2472	2652	118776b114d3fb8232e07fce421214b0N.exe	41
PID 376 wrote to memory of 1908	376	118776b114d3fb8232e07fce421214b0N.exe	42
PID 376 wrote to memory of 1908	376	118776b114d3fb8232e07fce421214b0N.exe	42
PID 376 wrote to memory of 1908	376	118776b114d3fb8232e07fce421214b0N.exe	42
PID 376 wrote to memory of 1908	376	118776b114d3fb8232e07fce421214b0N.exe	42
PID 2188 wrote to memory of 2620	2188	118776b114d3fb8232e07fce421214b0N.exe	43
PID 2188 wrote to memory of 2620	2188	118776b114d3fb8232e07fce421214b0N.exe	43
PID 2188 wrote to memory of 2620	2188	118776b114d3fb8232e07fce421214b0N.exe	43
PID 2188 wrote to memory of 2620	2188	118776b114d3fb8232e07fce421214b0N.exe	43
PID 2280 wrote to memory of 2392	2280	118776b114d3fb8232e07fce421214b0N.exe	44
PID 2280 wrote to memory of 2392	2280	118776b114d3fb8232e07fce421214b0N.exe	44
PID 2280 wrote to memory of 2392	2280	118776b114d3fb8232e07fce421214b0N.exe	44
PID 2280 wrote to memory of 2392	2280	118776b114d3fb8232e07fce421214b0N.exe	44
PID 1760 wrote to memory of 2404	1760	118776b114d3fb8232e07fce421214b0N.exe	45
PID 1760 wrote to memory of 2404	1760	118776b114d3fb8232e07fce421214b0N.exe	45
PID 1760 wrote to memory of 2404	1760	118776b114d3fb8232e07fce421214b0N.exe	45
PID 1760 wrote to memory of 2404	1760	118776b114d3fb8232e07fce421214b0N.exe	45

C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
"C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        10⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        9⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        9⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        9⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        9⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        9⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        9⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:18764
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:18504
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:18408
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12848
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13984
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:11472
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:18488
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13788
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:10880
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:14184
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13692
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:18416
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14056
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:19192
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:10920
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:12980
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:8404
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:14192
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:376
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        8⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:17736
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:19392
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:11584
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:16540
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10828
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8500
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9028
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:10616
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:10772
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:8420
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:16944
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:324
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        7⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13736
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:14468
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:11648
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:13420
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:13628
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:13700
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:9776
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        6⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9768
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:13316
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:16556
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:10148
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:10648
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:1604
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
        5⤵
        
        PID:752
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:13796
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:6432
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:11656
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
      4⤵
      PID:13744
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:6172
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:13288
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:4396
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:8076
- - C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
    3⤵
    PID:14152
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:6160
- C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\118776b114d3fb8232e07fce421214b0N.exe"
  2⤵
  PID:10656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian beast horse full movie upskirt (Christine).mpeg.exe

Filesize
396KB

MD5
ef277f301c39ff06d682ad21bb12029d

SHA1
8c6929c30bebba509e8321e5dffed95901f0d473

SHA256
f237960d45a11e6f14e8d37b243e2665ede1828e559feee60e3dfdfdf91bdf69

SHA512
58b0d845049c878eeaf251f10cf3ad99cfde27ae890cdd8ef373ef9ab59e0a3cff50f7ca6c70f5ae214a492576f8731d4c05dfc200ec2cccdcdf31f676e88387

Download Submit
C:\debug.txt

Filesize
183B

MD5
3157391fe747223428d009ddef073158

SHA1
50b683a80715d5280571bd522db6bc6365f900bd

SHA256
02cd60b367f60763c1eec74241b9a5fe9b83e5091b87a5b3e14d44f251b85311

SHA512
88759f6d849ab25879140d3ada31df22afc28697f31712729487c9a3a23ca258b003ebad485703f55c5eca82928c763469e2038323386dce624d7a8b5de689e4

Download Submit
memory/300-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/324-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/324-165-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/328-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/328-128-0x00000000020B0000-0x00000000020DB000-memory.dmp

Filesize
172KB

Download
memory/328-168-0x0000000004720000-0x000000000474B000-memory.dmp

Filesize
172KB

Download
memory/376-148-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/376-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/376-96-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/376-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/484-152-0x0000000004720000-0x000000000474B000-memory.dmp

Filesize
172KB

Download
memory/484-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/484-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/536-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/536-140-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/536-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/944-143-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/996-125-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/996-161-0x0000000004620000-0x000000000464B000-memory.dmp

Filesize
172KB

Download
memory/1012-159-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1012-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1156-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1448-156-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1532-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1532-162-0x0000000000530000-0x000000000055B000-memory.dmp

Filesize
172KB

Download
memory/1592-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1660-157-0x00000000045B0000-0x00000000045DB000-memory.dmp

Filesize
172KB

Download
memory/1760-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1760-131-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1760-106-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1772-142-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1772-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-177-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1832-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1832-132-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1860-158-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1896-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1896-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1908-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1908-117-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1908-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1956-163-0x00000000044F0000-0x000000000451B000-memory.dmp

Filesize
172KB

Download
memory/2032-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2156-164-0x00000000044C0000-0x00000000044EB000-memory.dmp

Filesize
172KB

Download
memory/2156-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2188-91-0x0000000005B90000-0x0000000005BBB000-memory.dmp

Filesize
172KB

Download
memory/2188-98-0x0000000005B90000-0x0000000005BBB000-memory.dmp

Filesize
172KB

Download
memory/2188-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2188-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2188-153-0x0000000005B90000-0x0000000005BBB000-memory.dmp

Filesize
172KB

Download
memory/2188-63-0x0000000005B90000-0x0000000005BBB000-memory.dmp

Filesize
172KB

Download
memory/2192-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2280-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2280-123-0x0000000004E50000-0x0000000004E7B000-memory.dmp

Filesize
172KB

Download
memory/2280-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2392-154-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2392-122-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2392-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2404-126-0x0000000004600000-0x000000000462B000-memory.dmp

Filesize
172KB

Download
memory/2404-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2436-127-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2472-119-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/2472-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2520-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2520-107-0x0000000001E90000-0x0000000001EBB000-memory.dmp

Filesize
172KB

Download
memory/2520-129-0x0000000004600000-0x000000000462B000-memory.dmp

Filesize
172KB

Download
memory/2548-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2556-139-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2560-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2592-133-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2592-110-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2592-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2592-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2620-155-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2620-121-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2652-64-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2652-94-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/2652-89-0x0000000004BC0000-0x0000000004BEB000-memory.dmp

Filesize
172KB

Download
memory/2652-147-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/2656-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2688-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2732-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2732-182-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2744-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2760-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2884-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2884-174-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/2884-93-0x00000000047E0000-0x000000000480B000-memory.dmp

Filesize
172KB

Download
memory/2884-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2884-137-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/3012-144-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3052-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3052-160-0x0000000004460000-0x000000000448B000-memory.dmp

Filesize
172KB

Download
memory/3060-114-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3060-145-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download