69894d1e944290f9eb0c4928390176e2f69cfae083fc010fd6a5d3421d80bbc9

Analysis

max time kernel
18s
max time network
125s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ed28304d64274af0b0b2a26cfd544d0N.exe
Size

1.2MB
MD5

1ed28304d64274af0b0b2a26cfd544d0
SHA1

ebc9b9cfa6a70d3ca6804eed67b860410a25dcb8
SHA256

69894d1e944290f9eb0c4928390176e2f69cfae083fc010fd6a5d3421d80bbc9
SHA512

7b4c1418ee4882bfcdd631f57e20ab59b175787b559b8232c1e0f11c38773415e22acf0658c079f0a3758c2f539715a0536a6f99241bb36ac84e23ad433ade82
SSDEEP

24576:2wiSc7OFbZmXxCtM/wopdFlKZU3IOQC5QQ+djKz8qcjDMu0MlxI:h0CRoXiMYozSU397mQ+RCODagI

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	1ed28304d64274af0b0b2a26cfd544d0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\L:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\M:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\R:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\G:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\O:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\Q:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\U:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\Y:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\V:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\W:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\B:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\H:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\K:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\N:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\P:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\T:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\Z:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\A:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\I:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\J:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\S:	1ed28304d64274af0b0b2a26cfd544d0N.exe
File opened (read-only)	\??\X:	1ed28304d64274af0b0b2a26cfd544d0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\black cumshot sperm masturbation feet shoes (Karin).avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black horse hardcore voyeur feet bondage (Janette).rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian cumshot bukkake voyeur circumcision .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\gay big bedroom .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian handjob gay hidden feet .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish porn hardcore [milf] latex .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish cumshot beast [milf] sweet .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish animal blowjob voyeur .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm big (Liz).avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob [milf] 50+ .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\indian beastiality trambling hot (!) sm .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\swedish animal bukkake sleeping hole .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lingerie licking titts balls .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\horse big leather (Gina,Karin).mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files\Windows Journal\Templates\italian cum beast hidden glans latex .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese nude blowjob [free] (Janette).rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian nude hardcore licking .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tyrkish nude hardcore voyeur glans .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian beastiality sperm girls traffic .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian cumshot gay public cock (Sonja,Karin).avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish cumshot sperm [bangbus] latex .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\swedish handjob xxx public glans sweet .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling voyeur titts .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian animal hardcore [milf] (Melissa).mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie sleeping leather .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian gang bang trambling girls glans .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\porn beast voyeur .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\british sperm catfight cock bondage (Melissa).zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\black action trambling hidden .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese animal horse big .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\french blowjob hot (!) penetration .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\spanish beast uncut feet ejaculation .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian animal bukkake sleeping shoes .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese cumshot hardcore licking .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\danish cumshot gay big feet boots (Curtney).avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\action horse uncut .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black handjob lingerie public cock bedroom (Melissa).rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\french hardcore several models .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\action lesbian [bangbus] cock shoes .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\beastiality hardcore [bangbus] castration .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\german lesbian voyeur shoes .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\animal hardcore hot (!) circumcision .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\japanese animal lingerie [free] (Jade).rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\japanese fetish lesbian catfight leather .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\trambling [milf] (Sylvia).mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\german lesbian full movie 50+ (Sonja,Samantha).zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\african xxx voyeur cock wifey .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\kicking beast big shoes .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\american kicking trambling girls mistress .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\danish porn lesbian catfight feet .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\brasilian nude trambling masturbation hole .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\beastiality trambling hot (!) .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\gay uncut balls .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\security\templates\indian porn xxx girls (Karin).avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\british lesbian voyeur titts .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\british fucking several models titts .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\fucking [milf] leather .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling [bangbus] swallow (Gina,Sarah).rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\SoftwareDistribution\Download\brasilian horse trambling hidden swallow .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\tyrkish fetish xxx masturbation 40+ (Christine,Curtney).rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\chinese horse masturbation feet sweet .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\porn bukkake masturbation (Janette).rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\trambling licking glans .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish nude gay several models traffic .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian gang bang lesbian big feet .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\japanese porn bukkake [bangbus] .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\animal lingerie big hole blondie .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\tyrkish cumshot blowjob uncut granny (Anniston,Sylvia).avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\asian fucking public hole .rar.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\british lingerie [bangbus] femdom .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\sperm hidden glans .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\temp\lingerie public feet (Britney,Jade).avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\danish fetish fucking hot (!) .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\black cum gay big .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\action fucking public cock .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\french bukkake sleeping hole girly .mpg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\black action gay hot (!) sweet .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\asian xxx sleeping leather .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\swedish animal beast masturbation feet ejaculation (Jade).avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\bukkake several models glans mature (Karin).mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\tmp\hardcore [free] (Melissa).mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\Downloaded Program Files\american action lesbian sleeping (Sarah).avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\american gang bang lingerie girls glans fishy .avi.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\black nude horse uncut .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\handjob blowjob lesbian latex .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\horse uncut hole .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling lesbian ash .zip.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\swedish nude beast licking .mpeg.exe	1ed28304d64274af0b0b2a26cfd544d0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ed28304d64274af0b0b2a26cfd544d0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2648	1ed28304d64274af0b0b2a26cfd544d0N.exe
2800	1ed28304d64274af0b0b2a26cfd544d0N.exe
2648	1ed28304d64274af0b0b2a26cfd544d0N.exe
644	1ed28304d64274af0b0b2a26cfd544d0N.exe
1744	1ed28304d64274af0b0b2a26cfd544d0N.exe
2800	1ed28304d64274af0b0b2a26cfd544d0N.exe
2648	1ed28304d64274af0b0b2a26cfd544d0N.exe
2124	1ed28304d64274af0b0b2a26cfd544d0N.exe
1312	1ed28304d64274af0b0b2a26cfd544d0N.exe
1716	1ed28304d64274af0b0b2a26cfd544d0N.exe
644	1ed28304d64274af0b0b2a26cfd544d0N.exe
1388	1ed28304d64274af0b0b2a26cfd544d0N.exe
1744	1ed28304d64274af0b0b2a26cfd544d0N.exe
2800	1ed28304d64274af0b0b2a26cfd544d0N.exe
2648	1ed28304d64274af0b0b2a26cfd544d0N.exe
2456	1ed28304d64274af0b0b2a26cfd544d0N.exe
2124	1ed28304d64274af0b0b2a26cfd544d0N.exe
2540	1ed28304d64274af0b0b2a26cfd544d0N.exe
2864	1ed28304d64274af0b0b2a26cfd544d0N.exe
1312	1ed28304d64274af0b0b2a26cfd544d0N.exe
644	1ed28304d64274af0b0b2a26cfd544d0N.exe
2208	1ed28304d64274af0b0b2a26cfd544d0N.exe
352	1ed28304d64274af0b0b2a26cfd544d0N.exe
1964	1ed28304d64274af0b0b2a26cfd544d0N.exe
1388	1ed28304d64274af0b0b2a26cfd544d0N.exe
1716	1ed28304d64274af0b0b2a26cfd544d0N.exe
1104	1ed28304d64274af0b0b2a26cfd544d0N.exe
1496	1ed28304d64274af0b0b2a26cfd544d0N.exe
1744	1ed28304d64274af0b0b2a26cfd544d0N.exe
2800	1ed28304d64274af0b0b2a26cfd544d0N.exe
2648	1ed28304d64274af0b0b2a26cfd544d0N.exe
2052	1ed28304d64274af0b0b2a26cfd544d0N.exe
2128	1ed28304d64274af0b0b2a26cfd544d0N.exe
2456	1ed28304d64274af0b0b2a26cfd544d0N.exe
2380	1ed28304d64274af0b0b2a26cfd544d0N.exe
1536	1ed28304d64274af0b0b2a26cfd544d0N.exe
2260	1ed28304d64274af0b0b2a26cfd544d0N.exe
1764	1ed28304d64274af0b0b2a26cfd544d0N.exe
2124	1ed28304d64274af0b0b2a26cfd544d0N.exe
2864	1ed28304d64274af0b0b2a26cfd544d0N.exe
2540	1ed28304d64274af0b0b2a26cfd544d0N.exe
1404	1ed28304d64274af0b0b2a26cfd544d0N.exe
1312	1ed28304d64274af0b0b2a26cfd544d0N.exe
644	1ed28304d64274af0b0b2a26cfd544d0N.exe
644	1ed28304d64274af0b0b2a26cfd544d0N.exe
1624	1ed28304d64274af0b0b2a26cfd544d0N.exe
1624	1ed28304d64274af0b0b2a26cfd544d0N.exe
1388	1ed28304d64274af0b0b2a26cfd544d0N.exe
1388	1ed28304d64274af0b0b2a26cfd544d0N.exe
1716	1ed28304d64274af0b0b2a26cfd544d0N.exe
1716	1ed28304d64274af0b0b2a26cfd544d0N.exe
920	1ed28304d64274af0b0b2a26cfd544d0N.exe
920	1ed28304d64274af0b0b2a26cfd544d0N.exe
908	1ed28304d64274af0b0b2a26cfd544d0N.exe
908	1ed28304d64274af0b0b2a26cfd544d0N.exe
1952	1ed28304d64274af0b0b2a26cfd544d0N.exe
1952	1ed28304d64274af0b0b2a26cfd544d0N.exe
1804	1ed28304d64274af0b0b2a26cfd544d0N.exe
1804	1ed28304d64274af0b0b2a26cfd544d0N.exe
1064	1ed28304d64274af0b0b2a26cfd544d0N.exe
1064	1ed28304d64274af0b0b2a26cfd544d0N.exe
2800	1ed28304d64274af0b0b2a26cfd544d0N.exe
2800	1ed28304d64274af0b0b2a26cfd544d0N.exe
1744	1ed28304d64274af0b0b2a26cfd544d0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2800	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	30
PID 2648 wrote to memory of 2800	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	30
PID 2648 wrote to memory of 2800	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	30
PID 2648 wrote to memory of 2800	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	30
PID 2800 wrote to memory of 644	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	31
PID 2800 wrote to memory of 644	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	31
PID 2800 wrote to memory of 644	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	31
PID 2800 wrote to memory of 644	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	31
PID 2648 wrote to memory of 1744	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	32
PID 2648 wrote to memory of 1744	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	32
PID 2648 wrote to memory of 1744	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	32
PID 2648 wrote to memory of 1744	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	32
PID 644 wrote to memory of 2124	644	1ed28304d64274af0b0b2a26cfd544d0N.exe	33
PID 644 wrote to memory of 2124	644	1ed28304d64274af0b0b2a26cfd544d0N.exe	33
PID 644 wrote to memory of 2124	644	1ed28304d64274af0b0b2a26cfd544d0N.exe	33
PID 644 wrote to memory of 2124	644	1ed28304d64274af0b0b2a26cfd544d0N.exe	33
PID 1744 wrote to memory of 1716	1744	1ed28304d64274af0b0b2a26cfd544d0N.exe	34
PID 1744 wrote to memory of 1716	1744	1ed28304d64274af0b0b2a26cfd544d0N.exe	34
PID 1744 wrote to memory of 1716	1744	1ed28304d64274af0b0b2a26cfd544d0N.exe	34
PID 1744 wrote to memory of 1716	1744	1ed28304d64274af0b0b2a26cfd544d0N.exe	34
PID 2800 wrote to memory of 1312	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	35
PID 2800 wrote to memory of 1312	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	35
PID 2800 wrote to memory of 1312	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	35
PID 2800 wrote to memory of 1312	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	35
PID 2648 wrote to memory of 1388	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	36
PID 2648 wrote to memory of 1388	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	36
PID 2648 wrote to memory of 1388	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	36
PID 2648 wrote to memory of 1388	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	36
PID 2124 wrote to memory of 2456	2124	1ed28304d64274af0b0b2a26cfd544d0N.exe	37
PID 2124 wrote to memory of 2456	2124	1ed28304d64274af0b0b2a26cfd544d0N.exe	37
PID 2124 wrote to memory of 2456	2124	1ed28304d64274af0b0b2a26cfd544d0N.exe	37
PID 2124 wrote to memory of 2456	2124	1ed28304d64274af0b0b2a26cfd544d0N.exe	37
PID 1312 wrote to memory of 2540	1312	1ed28304d64274af0b0b2a26cfd544d0N.exe	38
PID 1312 wrote to memory of 2540	1312	1ed28304d64274af0b0b2a26cfd544d0N.exe	38
PID 1312 wrote to memory of 2540	1312	1ed28304d64274af0b0b2a26cfd544d0N.exe	38
PID 1312 wrote to memory of 2540	1312	1ed28304d64274af0b0b2a26cfd544d0N.exe	38
PID 644 wrote to memory of 2864	644	1ed28304d64274af0b0b2a26cfd544d0N.exe	39
PID 644 wrote to memory of 2864	644	1ed28304d64274af0b0b2a26cfd544d0N.exe	39
PID 644 wrote to memory of 2864	644	1ed28304d64274af0b0b2a26cfd544d0N.exe	39
PID 644 wrote to memory of 2864	644	1ed28304d64274af0b0b2a26cfd544d0N.exe	39
PID 1388 wrote to memory of 2208	1388	1ed28304d64274af0b0b2a26cfd544d0N.exe	40
PID 1388 wrote to memory of 2208	1388	1ed28304d64274af0b0b2a26cfd544d0N.exe	40
PID 1388 wrote to memory of 2208	1388	1ed28304d64274af0b0b2a26cfd544d0N.exe	40
PID 1388 wrote to memory of 2208	1388	1ed28304d64274af0b0b2a26cfd544d0N.exe	40
PID 1716 wrote to memory of 1104	1716	1ed28304d64274af0b0b2a26cfd544d0N.exe	41
PID 1716 wrote to memory of 1104	1716	1ed28304d64274af0b0b2a26cfd544d0N.exe	41
PID 1716 wrote to memory of 1104	1716	1ed28304d64274af0b0b2a26cfd544d0N.exe	41
PID 1716 wrote to memory of 1104	1716	1ed28304d64274af0b0b2a26cfd544d0N.exe	41
PID 1744 wrote to memory of 352	1744	1ed28304d64274af0b0b2a26cfd544d0N.exe	42
PID 1744 wrote to memory of 352	1744	1ed28304d64274af0b0b2a26cfd544d0N.exe	42
PID 1744 wrote to memory of 352	1744	1ed28304d64274af0b0b2a26cfd544d0N.exe	42
PID 1744 wrote to memory of 352	1744	1ed28304d64274af0b0b2a26cfd544d0N.exe	42
PID 2800 wrote to memory of 1496	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	43
PID 2800 wrote to memory of 1496	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	43
PID 2800 wrote to memory of 1496	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	43
PID 2800 wrote to memory of 1496	2800	1ed28304d64274af0b0b2a26cfd544d0N.exe	43
PID 2648 wrote to memory of 1964	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	44
PID 2648 wrote to memory of 1964	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	44
PID 2648 wrote to memory of 1964	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	44
PID 2648 wrote to memory of 1964	2648	1ed28304d64274af0b0b2a26cfd544d0N.exe	44
PID 2456 wrote to memory of 2052	2456	1ed28304d64274af0b0b2a26cfd544d0N.exe	45
PID 2456 wrote to memory of 2052	2456	1ed28304d64274af0b0b2a26cfd544d0N.exe	45
PID 2456 wrote to memory of 2052	2456	1ed28304d64274af0b0b2a26cfd544d0N.exe	45
PID 2456 wrote to memory of 2052	2456	1ed28304d64274af0b0b2a26cfd544d0N.exe	45

C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
"C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:644
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        10⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        10⤵
        
        PID:20120
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:19140
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:20292
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:19060
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:19600
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:18660
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:18692
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:20160
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:18676
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:16548
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19752
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:18956
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:18724
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:18652
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19092
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:20264
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:18620
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:19052
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:18356
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19920
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19868
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19664
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:18700
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:20216
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:20240
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:156
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18908
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        9⤵
        
        PID:20428
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:19648
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:18780
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19172
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19632
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19156
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19944
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19712
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19484
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:20256
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18748
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19896
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18596
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19132
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19124
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19500
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19108
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:20208
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18732
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:20104
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18820
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19020
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:20284
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18940
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19912
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:18772
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:18708
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19492
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:20232
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19928
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19536
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:20112
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18572
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:18512
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19680
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:20508
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18612
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19576
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18740
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19760
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18756
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18548
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18900
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19672
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19476
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19084
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18788
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19704
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19180
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:20200
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19608
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:16508
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19164
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19720
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18644
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19656
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:18528
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:344
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:20552
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18996
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19012
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:20488
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:20128
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:20144
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:9232
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:18796
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        8⤵
        
        PID:19468
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19560
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:20224
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19552
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19688
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19388
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:18564
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:18520
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19744
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19396
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:20152
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19784
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19380
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:20136
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19904
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:20272
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19800
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:16344
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:352
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:19728
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19188
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19640
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19196
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19616
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19696
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19520
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19880
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19068
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19028
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18536
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:18924
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:18628
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19624
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:9224
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:11768
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:18716
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1388
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        7⤵
        
        PID:18604
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19792
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18948
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18668
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18916
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:18636
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18964
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18588
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19544
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:19936
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:18580
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19044
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:20184
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19508
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:16376
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:18684
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19148
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19592
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:8548
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:18988
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:20300
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19528
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:19776
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:11208
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:18764
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:8244
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:18556
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19116
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:10692
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:18932
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:20248
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:7640
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:16420
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:2628
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19736
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:10572
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:19888
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3132
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
        5⤵
        
        PID:20496
  - - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
      4⤵
      PID:19768
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:7336
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:11184
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:19584
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  PID:4352
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:8108
- - C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
    3⤵
    PID:19036
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  PID:6336
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  PID:11000
- C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ed28304d64274af0b0b2a26cfd544d0N.exe"
  2⤵
  PID:19568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish cumshot sperm [bangbus] latex .mpg.exe

Filesize
897KB

MD5
55edc766434f117b876b4a24ca9c4d4c

SHA1
6ccf17b5e28a36ea25ba63f6a84a6c08400ce2a5

SHA256
754aacbbb28c230ed93e22ca525173d029a6598b96bc287a12b72700c3166ef8

SHA512
66432018e8c635bec5729eb115b6df3db379211d6332348732b1118ce8f36e5af7bf2294788434d72c3d1cb59839cce4f13799c125adfdd75f18b0069117d74c

Download Submit
C:\debug.txt

Filesize
183B

MD5
979dd6a75eb284c4d41d8fae5247a8ae

SHA1
034fbc0caa11fd5a0ea707cabb25d71dc1afffa2

SHA256
3bf717a03578413f5b3d98def3b5b1d49a0a58b0b29f47efcf49156a3e8f03f9

SHA512
84b268ac91e0f7b0f5f23e99bdfcf84381132ef0d588e41ff1c4f651a7cdb18ae549bbd74c14aa7fb9cc7c50e67243f0220bc4888e2dd8c10fd0741fd5379e6c

Download Submit