53be121f43c932ed055809941bf44cfcd127864de8022f0d5d7a09b11383e5f6

Analysis

max time kernel
17s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f0bab4b66bd34520d54710df167f490N.exe
Size

1.2MB
MD5

4f0bab4b66bd34520d54710df167f490
SHA1

277b85a36a5224e6e04376d4296aebd522ea584b
SHA256

53be121f43c932ed055809941bf44cfcd127864de8022f0d5d7a09b11383e5f6
SHA512

5e7205cb118449f0a39487418724bec7426cc545fc013db394398dd90d3fd778d8524db48934004196a8367a2aac8092eda7c38f533a3af8bba6843c8fbba4ac
SSDEEP

24576:oWVhUEtkXl2UND+cXwyEs10imntO1VSKivKvnT:VR8vats10iJSKdnT

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4f0bab4b66bd34520d54710df167f490N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\B:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\I:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\K:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\M:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\N:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\P:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\Z:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\H:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\L:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\O:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\V:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\W:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\X:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\A:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\T:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\U:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\Y:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\E:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\G:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\J:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\R:	4f0bab4b66bd34520d54710df167f490N.exe
File opened (read-only)	\??\S:	4f0bab4b66bd34520d54710df167f490N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\american blowjob catfight boots (Liz,Anniston).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx full movie granny .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\IME\shared\american lesbian masturbation (Sandy).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish kicking [milf] .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\IME\shared\spanish animal gay public (Sonja).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\System32\DriverStore\Temp\lesbian hidden granny (Sandy).avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian lesbian blowjob big bondage .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse [bangbus] .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black bukkake fucking voyeur legs .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\SysWOW64\FxsTmp\horse gay masturbation .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\asian animal [milf] shower .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\danish animal [free] feet .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\american lingerie blowjob sleeping (Karin,Anniston).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Windows Journal\Templates\japanese kicking lesbian pregnant .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\african blowjob horse voyeur .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore [milf] circumcision .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\african lingerie xxx [milf] feet hotel (Jenna).mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\british gang bang hardcore catfight nipples ejaculation .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\sperm kicking masturbation .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Google\Temp\nude xxx girls shoes .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Google\Update\Download\cumshot handjob hot (!) lady .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files\DVD Maker\Shared\animal action [milf] boobs shoes (Liz,Sonja).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish cum fetish [milf] vagina .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\italian trambling [free] .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\action masturbation femdom (Tatjana).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\gay girls ¼ç .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\gang bang animal big mature .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\animal horse [milf] hole .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\british animal lesbian uncut .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\lesbian big .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\InstallTemp\lesbian beastiality lesbian pregnant (Janette).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\gay [milf] boobs sm .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\canadian hardcore catfight .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gang bang fetish full movie (Anniston).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\american gang bang lesbian hidden (Gina,Britney).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\indian handjob cumshot big gorgeoushorny .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\russian gay handjob girls .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\british hardcore animal catfight leather .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\bukkake lesbian mistress (Sandy).avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\hardcore lesbian .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\american action kicking hidden hole blondie .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\spanish cum animal voyeur shoes (Jenna).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\japanese gang bang [milf] titts mature .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\british gang bang cum hot (!) (Sonja).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\horse lesbian hole pregnant .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\Downloaded Program Files\norwegian animal girls ash .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\black horse porn catfight .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\horse girls upskirt (Curtney,Jenna).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\tyrkish bukkake blowjob public titts .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\russian trambling fetish lesbian legs blondie .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\nude [milf] .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\norwegian xxx hardcore [free] penetration .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\bukkake hot (!) latex (Jade).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\asian sperm masturbation .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\blowjob uncut bedroom .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\tmp\lesbian [free] girly (Liz,Christine).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\asian sperm handjob lesbian nipples sweet .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\asian bukkake horse hot (!) legs ejaculation (Sonja).mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\swedish animal horse masturbation boots .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\asian hardcore beastiality several models mistress .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\blowjob trambling licking vagina .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\russian bukkake xxx full movie boots .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\gay bukkake several models penetration .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\blowjob hardcore full movie boobs mistress (Melissa).mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\african porn public shoes .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\black fucking girls mature .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\french gay several models swallow (Sonja,Liz).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\cum lingerie voyeur ash (Ashley).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\kicking sperm [bangbus] .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\italian cum kicking full movie (Britney,Tatjana).rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\blowjob girls young .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\japanese fetish uncut mature (Sonja,Sonja).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\black porn girls titts blondie (Sandy).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\kicking [free] redhair (Liz,Janette).zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\japanese fetish cumshot hot (!) wifey .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\lingerie beastiality hidden wifey .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish gang bang fetish full movie .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\temp\tyrkish porn masturbation legs (Kathrin,Sarah).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\trambling horse big .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\blowjob lesbian lesbian young .avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\PLA\Templates\norwegian lingerie hidden shoes .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake porn big feet .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\brasilian xxx big (Melissa,Jade).mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\beastiality big .zip.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\trambling blowjob hidden ìï .mpeg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\handjob beast uncut hairy (Karin,Gina).avi.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian lingerie voyeur glans blondie .mpg.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\malaysia beastiality bukkake [bangbus] ejaculation .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lingerie [bangbus] girly .rar.exe	4f0bab4b66bd34520d54710df167f490N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 50 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f0bab4b66bd34520d54710df167f490N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2420	4f0bab4b66bd34520d54710df167f490N.exe
2764	4f0bab4b66bd34520d54710df167f490N.exe
2420	4f0bab4b66bd34520d54710df167f490N.exe
2008	4f0bab4b66bd34520d54710df167f490N.exe
2292	4f0bab4b66bd34520d54710df167f490N.exe
2764	4f0bab4b66bd34520d54710df167f490N.exe
2420	4f0bab4b66bd34520d54710df167f490N.exe
848	4f0bab4b66bd34520d54710df167f490N.exe
1128	4f0bab4b66bd34520d54710df167f490N.exe
2696	4f0bab4b66bd34520d54710df167f490N.exe
2008	4f0bab4b66bd34520d54710df167f490N.exe
1912	4f0bab4b66bd34520d54710df167f490N.exe
2764	4f0bab4b66bd34520d54710df167f490N.exe
2292	4f0bab4b66bd34520d54710df167f490N.exe
2420	4f0bab4b66bd34520d54710df167f490N.exe
2356	4f0bab4b66bd34520d54710df167f490N.exe
624	4f0bab4b66bd34520d54710df167f490N.exe
2368	4f0bab4b66bd34520d54710df167f490N.exe
848	4f0bab4b66bd34520d54710df167f490N.exe
2676	4f0bab4b66bd34520d54710df167f490N.exe
2008	4f0bab4b66bd34520d54710df167f490N.exe
1128	4f0bab4b66bd34520d54710df167f490N.exe
2784	4f0bab4b66bd34520d54710df167f490N.exe
2696	4f0bab4b66bd34520d54710df167f490N.exe
2036	4f0bab4b66bd34520d54710df167f490N.exe
1528	4f0bab4b66bd34520d54710df167f490N.exe
2764	4f0bab4b66bd34520d54710df167f490N.exe
2944	4f0bab4b66bd34520d54710df167f490N.exe
1912	4f0bab4b66bd34520d54710df167f490N.exe
2292	4f0bab4b66bd34520d54710df167f490N.exe
2420	4f0bab4b66bd34520d54710df167f490N.exe
2440	4f0bab4b66bd34520d54710df167f490N.exe
2580	4f0bab4b66bd34520d54710df167f490N.exe
2256	4f0bab4b66bd34520d54710df167f490N.exe
624	4f0bab4b66bd34520d54710df167f490N.exe
264	4f0bab4b66bd34520d54710df167f490N.exe
2308	4f0bab4b66bd34520d54710df167f490N.exe
1300	4f0bab4b66bd34520d54710df167f490N.exe
2356	4f0bab4b66bd34520d54710df167f490N.exe
2368	4f0bab4b66bd34520d54710df167f490N.exe
2764	4f0bab4b66bd34520d54710df167f490N.exe
848	4f0bab4b66bd34520d54710df167f490N.exe
2952	4f0bab4b66bd34520d54710df167f490N.exe
2008	4f0bab4b66bd34520d54710df167f490N.exe
2676	4f0bab4b66bd34520d54710df167f490N.exe
1128	4f0bab4b66bd34520d54710df167f490N.exe
2696	4f0bab4b66bd34520d54710df167f490N.exe
2784	4f0bab4b66bd34520d54710df167f490N.exe
2036	4f0bab4b66bd34520d54710df167f490N.exe
2948	4f0bab4b66bd34520d54710df167f490N.exe
800	4f0bab4b66bd34520d54710df167f490N.exe
2248	4f0bab4b66bd34520d54710df167f490N.exe
1528	4f0bab4b66bd34520d54710df167f490N.exe
1528	4f0bab4b66bd34520d54710df167f490N.exe
1768	4f0bab4b66bd34520d54710df167f490N.exe
1768	4f0bab4b66bd34520d54710df167f490N.exe
1328	4f0bab4b66bd34520d54710df167f490N.exe
1328	4f0bab4b66bd34520d54710df167f490N.exe
1868	4f0bab4b66bd34520d54710df167f490N.exe
1868	4f0bab4b66bd34520d54710df167f490N.exe
1356	4f0bab4b66bd34520d54710df167f490N.exe
592	4f0bab4b66bd34520d54710df167f490N.exe
1356	4f0bab4b66bd34520d54710df167f490N.exe
592	4f0bab4b66bd34520d54710df167f490N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2764	2420	4f0bab4b66bd34520d54710df167f490N.exe	31
PID 2420 wrote to memory of 2764	2420	4f0bab4b66bd34520d54710df167f490N.exe	31
PID 2420 wrote to memory of 2764	2420	4f0bab4b66bd34520d54710df167f490N.exe	31
PID 2420 wrote to memory of 2764	2420	4f0bab4b66bd34520d54710df167f490N.exe	31
PID 2764 wrote to memory of 2008	2764	4f0bab4b66bd34520d54710df167f490N.exe	32
PID 2764 wrote to memory of 2008	2764	4f0bab4b66bd34520d54710df167f490N.exe	32
PID 2764 wrote to memory of 2008	2764	4f0bab4b66bd34520d54710df167f490N.exe	32
PID 2764 wrote to memory of 2008	2764	4f0bab4b66bd34520d54710df167f490N.exe	32
PID 2420 wrote to memory of 2292	2420	4f0bab4b66bd34520d54710df167f490N.exe	33
PID 2420 wrote to memory of 2292	2420	4f0bab4b66bd34520d54710df167f490N.exe	33
PID 2420 wrote to memory of 2292	2420	4f0bab4b66bd34520d54710df167f490N.exe	33
PID 2420 wrote to memory of 2292	2420	4f0bab4b66bd34520d54710df167f490N.exe	33
PID 2008 wrote to memory of 848	2008	4f0bab4b66bd34520d54710df167f490N.exe	34
PID 2008 wrote to memory of 848	2008	4f0bab4b66bd34520d54710df167f490N.exe	34
PID 2008 wrote to memory of 848	2008	4f0bab4b66bd34520d54710df167f490N.exe	34
PID 2008 wrote to memory of 848	2008	4f0bab4b66bd34520d54710df167f490N.exe	34
PID 2292 wrote to memory of 1128	2292	4f0bab4b66bd34520d54710df167f490N.exe	35
PID 2292 wrote to memory of 1128	2292	4f0bab4b66bd34520d54710df167f490N.exe	35
PID 2292 wrote to memory of 1128	2292	4f0bab4b66bd34520d54710df167f490N.exe	35
PID 2292 wrote to memory of 1128	2292	4f0bab4b66bd34520d54710df167f490N.exe	35
PID 2764 wrote to memory of 2696	2764	4f0bab4b66bd34520d54710df167f490N.exe	36
PID 2764 wrote to memory of 2696	2764	4f0bab4b66bd34520d54710df167f490N.exe	36
PID 2764 wrote to memory of 2696	2764	4f0bab4b66bd34520d54710df167f490N.exe	36
PID 2764 wrote to memory of 2696	2764	4f0bab4b66bd34520d54710df167f490N.exe	36
PID 2420 wrote to memory of 1912	2420	4f0bab4b66bd34520d54710df167f490N.exe	37
PID 2420 wrote to memory of 1912	2420	4f0bab4b66bd34520d54710df167f490N.exe	37
PID 2420 wrote to memory of 1912	2420	4f0bab4b66bd34520d54710df167f490N.exe	37
PID 2420 wrote to memory of 1912	2420	4f0bab4b66bd34520d54710df167f490N.exe	37
PID 848 wrote to memory of 2356	848	4f0bab4b66bd34520d54710df167f490N.exe	38
PID 848 wrote to memory of 2356	848	4f0bab4b66bd34520d54710df167f490N.exe	38
PID 848 wrote to memory of 2356	848	4f0bab4b66bd34520d54710df167f490N.exe	38
PID 848 wrote to memory of 2356	848	4f0bab4b66bd34520d54710df167f490N.exe	38
PID 1128 wrote to memory of 624	1128	4f0bab4b66bd34520d54710df167f490N.exe	39
PID 1128 wrote to memory of 624	1128	4f0bab4b66bd34520d54710df167f490N.exe	39
PID 1128 wrote to memory of 624	1128	4f0bab4b66bd34520d54710df167f490N.exe	39
PID 1128 wrote to memory of 624	1128	4f0bab4b66bd34520d54710df167f490N.exe	39
PID 2008 wrote to memory of 2368	2008	4f0bab4b66bd34520d54710df167f490N.exe	40
PID 2008 wrote to memory of 2368	2008	4f0bab4b66bd34520d54710df167f490N.exe	40
PID 2008 wrote to memory of 2368	2008	4f0bab4b66bd34520d54710df167f490N.exe	40
PID 2008 wrote to memory of 2368	2008	4f0bab4b66bd34520d54710df167f490N.exe	40
PID 2696 wrote to memory of 2676	2696	4f0bab4b66bd34520d54710df167f490N.exe	41
PID 2696 wrote to memory of 2676	2696	4f0bab4b66bd34520d54710df167f490N.exe	41
PID 2696 wrote to memory of 2676	2696	4f0bab4b66bd34520d54710df167f490N.exe	41
PID 2696 wrote to memory of 2676	2696	4f0bab4b66bd34520d54710df167f490N.exe	41
PID 2764 wrote to memory of 2036	2764	4f0bab4b66bd34520d54710df167f490N.exe	42
PID 2764 wrote to memory of 2036	2764	4f0bab4b66bd34520d54710df167f490N.exe	42
PID 2764 wrote to memory of 2036	2764	4f0bab4b66bd34520d54710df167f490N.exe	42
PID 2764 wrote to memory of 2036	2764	4f0bab4b66bd34520d54710df167f490N.exe	42
PID 1912 wrote to memory of 2784	1912	4f0bab4b66bd34520d54710df167f490N.exe	43
PID 1912 wrote to memory of 2784	1912	4f0bab4b66bd34520d54710df167f490N.exe	43
PID 1912 wrote to memory of 2784	1912	4f0bab4b66bd34520d54710df167f490N.exe	43
PID 1912 wrote to memory of 2784	1912	4f0bab4b66bd34520d54710df167f490N.exe	43
PID 2292 wrote to memory of 1528	2292	4f0bab4b66bd34520d54710df167f490N.exe	44
PID 2292 wrote to memory of 1528	2292	4f0bab4b66bd34520d54710df167f490N.exe	44
PID 2292 wrote to memory of 1528	2292	4f0bab4b66bd34520d54710df167f490N.exe	44
PID 2292 wrote to memory of 1528	2292	4f0bab4b66bd34520d54710df167f490N.exe	44
PID 2420 wrote to memory of 2944	2420	4f0bab4b66bd34520d54710df167f490N.exe	45
PID 2420 wrote to memory of 2944	2420	4f0bab4b66bd34520d54710df167f490N.exe	45
PID 2420 wrote to memory of 2944	2420	4f0bab4b66bd34520d54710df167f490N.exe	45
PID 2420 wrote to memory of 2944	2420	4f0bab4b66bd34520d54710df167f490N.exe	45
PID 624 wrote to memory of 2440	624	4f0bab4b66bd34520d54710df167f490N.exe	46
PID 624 wrote to memory of 2440	624	4f0bab4b66bd34520d54710df167f490N.exe	46
PID 624 wrote to memory of 2440	624	4f0bab4b66bd34520d54710df167f490N.exe	46
PID 624 wrote to memory of 2440	624	4f0bab4b66bd34520d54710df167f490N.exe	46

C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
"C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        10⤵
        
        PID:20112
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        10⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:20896
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:20004
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:20120
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:20012
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:21828
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:22304
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:22380
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15296
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:20072
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:19956
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21820
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15104
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:20356
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:19988
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:22348
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:21672
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13780
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:22328
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:19964
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:21664
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20336
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:21680
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21704
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20080
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15120
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:20088
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:20532
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:21528
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:22364
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:22428
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:800
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21696
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10644
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:19996
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15032
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:22356
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14920
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22420
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15192
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15408
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20512
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15580
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22088
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15200
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:13552
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:20504
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:15616
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2292
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:20520
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        9⤵
        
        PID:21688
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:20040
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:20032
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:21520
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:22412
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15680
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:19972
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21656
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20096
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20056
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14992
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20104
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15256
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:19980
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20348
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15464
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20064
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22340
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:22320
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13220
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15096
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15448
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15416
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:6216
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:9856
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:15368
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        7⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:21712
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15280
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15288
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15508
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:22312
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15556
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10716
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:22104
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15304
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:6200
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:10740
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        6⤵
        
        PID:20904
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:16452
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22096
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:22080
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7396
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:13804
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:20020
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:11672
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:15496
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1092
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
        5⤵
        
        PID:20048
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15664
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15564
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:13268
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:22372
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:14204
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
      4⤵
      PID:15928
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:7240
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:15336
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:4356
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:7900
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:10724
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:6208
- - C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
    3⤵
    PID:13132
- C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0bab4b66bd34520d54710df167f490N.exe"
  2⤵
  PID:13164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\asian animal [milf] shower .rar.exe

Filesize
1.9MB

MD5
774b014b63c61a0e64f9d7c598853a2c

SHA1
60cf537e258fc81a710bcdb1a60068e1dc92ebb2

SHA256
52c4c8c47cc2e011cb31eb30abb2fe7dc239d033a9a5a0ca9466876a7d97247c

SHA512
b130db15e488afb0943bbf3483f58eb2968eb2b1f2c501f498ce8a4d3fae136921c29f5c92fda3588c32967ea9ef3d6e4e0f7012cf0b57218a62c6fd9f1c4844

Download Submit
C:\debug.txt

Filesize
183B

MD5
6fa5ea0c17543c92418791469e578ddd

SHA1
33da4c5e08539bcf93a2c7b72704929b76c8a5e0

SHA256
9d1b454fe5ecca4872d4bfde2f7f871d0ccf13eb6bc4e22323ffea7f932d2643

SHA512
5288e1e2e320d5793959797f45f9ab0504df7029cff15acb8cf94138f02b51399f0db1fd9ed1971fd9ac974c1bdbf486ffad0752102d9282f6caa05643243b61

Download Submit