d6e9ec66f70ef231c2512e9a1041682ad0af0c3512a09c532d58814142fb380b

Analysis

max time kernel
23s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 02:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

58d83840c540b3df63edbec63073f780N.exe
Size

1.6MB
MD5

58d83840c540b3df63edbec63073f780
SHA1

c38baadcaf10a87e3db12c6c85d5b2209e47cc14
SHA256

d6e9ec66f70ef231c2512e9a1041682ad0af0c3512a09c532d58814142fb380b
SHA512

f8dc948e3200c2a99589c0f5df518efa260094f16d4bc02cfeb7a362bc2fc6059f4f100a10a4a765558f7b8f294dd32779b4b522f180272c5fb352eee840332f
SSDEEP

49152:Bh2dtuuMFcAx57GFiO79Ivb/lLjKmU/LapwVKbNQRaH9lZzB3Y:OdtFAA7ub/dHW26KbNjlNB3Y

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	58d83840c540b3df63edbec63073f780N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\H:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\L:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\M:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\P:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\U:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\X:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\G:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\J:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\O:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\S:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\Z:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\V:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\B:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\E:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\I:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\K:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\N:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\T:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\A:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\Q:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\R:	58d83840c540b3df63edbec63073f780N.exe
File opened (read-only)	\??\W:	58d83840c540b3df63edbec63073f780N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\trambling sleeping (Ashley).zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake lingerie [free] fishy (Samantha,Jade).mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\System32\DriverStore\Temp\african cumshot [free] cock gorgeoushorny (Sandy,Britney).zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gang bang [bangbus] hole (Jade).mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\SysWOW64\FxsTmp\african nude fetish girls upskirt .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\SysWOW64\IME\shared\german cum hot (!) balls (Tatjana).zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian nude hot (!) black hairunshaved (Ashley).mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\SysWOW64\IME\shared\handjob [free] (Ashley).rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian [milf] nipples mature .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish cum hardcore [bangbus] boobs shower .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\italian porn beastiality hidden .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Google\Temp\american bukkake xxx full movie ejaculation .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\canadian kicking masturbation beautyfull .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files\Windows Journal\Templates\action handjob catfight glans bedroom .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\french action action catfight cock .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\chinese nude hardcore [free] hole .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian horse hardcore sleeping balls .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\malaysia nude gang bang big (Christine,Anniston).zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Google\Update\Download\cum beast girls .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\bukkake licking .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\cumshot [free] latex (Samantha,Tatjana).avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\kicking big (Jenna,Jade).zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\italian lingerie xxx [milf] ash .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\horse voyeur (Melissa).zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish hardcore horse sleeping feet .rar.exe	58d83840c540b3df63edbec63073f780N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\italian sperm blowjob sleeping (Sarah,Britney).mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\beastiality animal [bangbus] nipples (Jade,Sarah).mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\german horse hot (!) latex (Samantha).mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\french horse beastiality licking ìï .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia hardcore hidden .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse lesbian swallow .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\german horse voyeur lady (Britney).zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\PLA\Templates\russian lingerie hot (!) .avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\russian gay girls glans swallow .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\chinese fetish [bangbus] latex .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\bukkake beastiality masturbation .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\nude gang bang lesbian latex .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\brasilian fetish big ash 40+ .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fetish masturbation boobs gorgeoushorny .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\french animal [bangbus] shoes .avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\canadian horse lesbian sleeping feet .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\danish handjob masturbation 40+ .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\russian lingerie big hole granny .avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\black beastiality lesbian 50+ .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\asian nude uncut ash circumcision .avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\chinese beast licking hole traffic .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\mssrv.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\asian hardcore [milf] shoes .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\indian lingerie beast uncut .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\malaysia horse licking ìï .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\american gang bang sleeping leather .avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\asian gay sperm masturbation .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\asian fucking big .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\french animal xxx [free] beautyfull .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\indian blowjob trambling catfight boobs .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\american beastiality hidden pregnant (Janette,Samantha).mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\cum gay big hole wifey .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\blowjob girls ash .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\action cum hidden ash sweet .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\gay [milf] (Ashley,Britney).zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\sperm handjob sleeping beautyfull (Melissa,Kathrin).rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\lesbian catfight .avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\chinese lingerie sperm catfight ash (Jade).avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\kicking blowjob several models feet femdom .avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\beast bukkake girls stockings (Liz).avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\french action beastiality licking blondie (Britney,Ashley).rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\beast bukkake full movie lady .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\sperm hardcore [milf] .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\action uncut wifey .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\tmp\lingerie [bangbus] sweet .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\british fetish [free] granny .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\brasilian beastiality fucking [free] .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\spanish action lesbian hidden black hairunshaved .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\cumshot [free] nipples sm .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\british sperm animal uncut legs .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\hardcore voyeur black hairunshaved (Karin).rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\indian sperm [bangbus] traffic .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gang bang masturbation hole stockings .mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\security\templates\asian action [free] mistress .avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\indian gang bang lesbian girls .avi.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\black hardcore horse [milf] feet .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\gay horse [free] legs circumcision .rar.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\sperm nude [bangbus] vagina circumcision .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\black lingerie gay lesbian (Karin,Gina).mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\gay licking mistress .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\trambling action public (Sarah,Karin).mpeg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lingerie beastiality [bangbus] blondie .mpg.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\nude licking upskirt .zip.exe	58d83840c540b3df63edbec63073f780N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\lesbian beast girls (Liz).zip.exe	58d83840c540b3df63edbec63073f780N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58d83840c540b3df63edbec63073f780N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2996	58d83840c540b3df63edbec63073f780N.exe
2772	58d83840c540b3df63edbec63073f780N.exe
2996	58d83840c540b3df63edbec63073f780N.exe
2668	58d83840c540b3df63edbec63073f780N.exe
1880	58d83840c540b3df63edbec63073f780N.exe
2772	58d83840c540b3df63edbec63073f780N.exe
2996	58d83840c540b3df63edbec63073f780N.exe
3032	58d83840c540b3df63edbec63073f780N.exe
1788	58d83840c540b3df63edbec63073f780N.exe
2668	58d83840c540b3df63edbec63073f780N.exe
2372	58d83840c540b3df63edbec63073f780N.exe
2892	58d83840c540b3df63edbec63073f780N.exe
1880	58d83840c540b3df63edbec63073f780N.exe
2772	58d83840c540b3df63edbec63073f780N.exe
2996	58d83840c540b3df63edbec63073f780N.exe
1836	58d83840c540b3df63edbec63073f780N.exe
1888	58d83840c540b3df63edbec63073f780N.exe
2144	58d83840c540b3df63edbec63073f780N.exe
3032	58d83840c540b3df63edbec63073f780N.exe
1824	58d83840c540b3df63edbec63073f780N.exe
2060	58d83840c540b3df63edbec63073f780N.exe
2892	58d83840c540b3df63edbec63073f780N.exe
2684	58d83840c540b3df63edbec63073f780N.exe
2604	58d83840c540b3df63edbec63073f780N.exe
2372	58d83840c540b3df63edbec63073f780N.exe
1880	58d83840c540b3df63edbec63073f780N.exe
2668	58d83840c540b3df63edbec63073f780N.exe
1788	58d83840c540b3df63edbec63073f780N.exe
2772	58d83840c540b3df63edbec63073f780N.exe
2496	58d83840c540b3df63edbec63073f780N.exe
2996	58d83840c540b3df63edbec63073f780N.exe
2208	58d83840c540b3df63edbec63073f780N.exe
2212	58d83840c540b3df63edbec63073f780N.exe
1888	58d83840c540b3df63edbec63073f780N.exe
2288	58d83840c540b3df63edbec63073f780N.exe
1836	58d83840c540b3df63edbec63073f780N.exe
3032	58d83840c540b3df63edbec63073f780N.exe
1824	58d83840c540b3df63edbec63073f780N.exe
2892	58d83840c540b3df63edbec63073f780N.exe
2144	58d83840c540b3df63edbec63073f780N.exe
2140	58d83840c540b3df63edbec63073f780N.exe
1528	58d83840c540b3df63edbec63073f780N.exe
1560	58d83840c540b3df63edbec63073f780N.exe
1340	58d83840c540b3df63edbec63073f780N.exe
1092	58d83840c540b3df63edbec63073f780N.exe
1880	58d83840c540b3df63edbec63073f780N.exe
2060	58d83840c540b3df63edbec63073f780N.exe
840	58d83840c540b3df63edbec63073f780N.exe
308	58d83840c540b3df63edbec63073f780N.exe
840	58d83840c540b3df63edbec63073f780N.exe
308	58d83840c540b3df63edbec63073f780N.exe
2028	58d83840c540b3df63edbec63073f780N.exe
2668	58d83840c540b3df63edbec63073f780N.exe
2668	58d83840c540b3df63edbec63073f780N.exe
2028	58d83840c540b3df63edbec63073f780N.exe
1336	58d83840c540b3df63edbec63073f780N.exe
1336	58d83840c540b3df63edbec63073f780N.exe
2684	58d83840c540b3df63edbec63073f780N.exe
2684	58d83840c540b3df63edbec63073f780N.exe
2588	58d83840c540b3df63edbec63073f780N.exe
2588	58d83840c540b3df63edbec63073f780N.exe
2372	58d83840c540b3df63edbec63073f780N.exe
2372	58d83840c540b3df63edbec63073f780N.exe
1788	58d83840c540b3df63edbec63073f780N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2772	2996	58d83840c540b3df63edbec63073f780N.exe	31
PID 2996 wrote to memory of 2772	2996	58d83840c540b3df63edbec63073f780N.exe	31
PID 2996 wrote to memory of 2772	2996	58d83840c540b3df63edbec63073f780N.exe	31
PID 2996 wrote to memory of 2772	2996	58d83840c540b3df63edbec63073f780N.exe	31
PID 2772 wrote to memory of 2668	2772	58d83840c540b3df63edbec63073f780N.exe	32
PID 2772 wrote to memory of 2668	2772	58d83840c540b3df63edbec63073f780N.exe	32
PID 2772 wrote to memory of 2668	2772	58d83840c540b3df63edbec63073f780N.exe	32
PID 2772 wrote to memory of 2668	2772	58d83840c540b3df63edbec63073f780N.exe	32
PID 2996 wrote to memory of 1880	2996	58d83840c540b3df63edbec63073f780N.exe	33
PID 2996 wrote to memory of 1880	2996	58d83840c540b3df63edbec63073f780N.exe	33
PID 2996 wrote to memory of 1880	2996	58d83840c540b3df63edbec63073f780N.exe	33
PID 2996 wrote to memory of 1880	2996	58d83840c540b3df63edbec63073f780N.exe	33
PID 2668 wrote to memory of 3032	2668	58d83840c540b3df63edbec63073f780N.exe	34
PID 2668 wrote to memory of 3032	2668	58d83840c540b3df63edbec63073f780N.exe	34
PID 2668 wrote to memory of 3032	2668	58d83840c540b3df63edbec63073f780N.exe	34
PID 2668 wrote to memory of 3032	2668	58d83840c540b3df63edbec63073f780N.exe	34
PID 1880 wrote to memory of 2372	1880	58d83840c540b3df63edbec63073f780N.exe	35
PID 1880 wrote to memory of 2372	1880	58d83840c540b3df63edbec63073f780N.exe	35
PID 1880 wrote to memory of 2372	1880	58d83840c540b3df63edbec63073f780N.exe	35
PID 1880 wrote to memory of 2372	1880	58d83840c540b3df63edbec63073f780N.exe	35
PID 2772 wrote to memory of 1788	2772	58d83840c540b3df63edbec63073f780N.exe	36
PID 2772 wrote to memory of 1788	2772	58d83840c540b3df63edbec63073f780N.exe	36
PID 2772 wrote to memory of 1788	2772	58d83840c540b3df63edbec63073f780N.exe	36
PID 2772 wrote to memory of 1788	2772	58d83840c540b3df63edbec63073f780N.exe	36
PID 2996 wrote to memory of 2892	2996	58d83840c540b3df63edbec63073f780N.exe	37
PID 2996 wrote to memory of 2892	2996	58d83840c540b3df63edbec63073f780N.exe	37
PID 2996 wrote to memory of 2892	2996	58d83840c540b3df63edbec63073f780N.exe	37
PID 2996 wrote to memory of 2892	2996	58d83840c540b3df63edbec63073f780N.exe	37
PID 3032 wrote to memory of 1836	3032	58d83840c540b3df63edbec63073f780N.exe	38
PID 3032 wrote to memory of 1836	3032	58d83840c540b3df63edbec63073f780N.exe	38
PID 3032 wrote to memory of 1836	3032	58d83840c540b3df63edbec63073f780N.exe	38
PID 3032 wrote to memory of 1836	3032	58d83840c540b3df63edbec63073f780N.exe	38
PID 2668 wrote to memory of 1888	2668	58d83840c540b3df63edbec63073f780N.exe	39
PID 2668 wrote to memory of 1888	2668	58d83840c540b3df63edbec63073f780N.exe	39
PID 2668 wrote to memory of 1888	2668	58d83840c540b3df63edbec63073f780N.exe	39
PID 2668 wrote to memory of 1888	2668	58d83840c540b3df63edbec63073f780N.exe	39
PID 1788 wrote to memory of 1824	1788	58d83840c540b3df63edbec63073f780N.exe	40
PID 1788 wrote to memory of 1824	1788	58d83840c540b3df63edbec63073f780N.exe	40
PID 1788 wrote to memory of 1824	1788	58d83840c540b3df63edbec63073f780N.exe	40
PID 1788 wrote to memory of 1824	1788	58d83840c540b3df63edbec63073f780N.exe	40
PID 2892 wrote to memory of 2060	2892	58d83840c540b3df63edbec63073f780N.exe	42
PID 2892 wrote to memory of 2060	2892	58d83840c540b3df63edbec63073f780N.exe	42
PID 2892 wrote to memory of 2060	2892	58d83840c540b3df63edbec63073f780N.exe	42
PID 2892 wrote to memory of 2060	2892	58d83840c540b3df63edbec63073f780N.exe	42
PID 2372 wrote to memory of 2144	2372	58d83840c540b3df63edbec63073f780N.exe	41
PID 2372 wrote to memory of 2144	2372	58d83840c540b3df63edbec63073f780N.exe	41
PID 2372 wrote to memory of 2144	2372	58d83840c540b3df63edbec63073f780N.exe	41
PID 2372 wrote to memory of 2144	2372	58d83840c540b3df63edbec63073f780N.exe	41
PID 1880 wrote to memory of 2604	1880	58d83840c540b3df63edbec63073f780N.exe	43
PID 1880 wrote to memory of 2604	1880	58d83840c540b3df63edbec63073f780N.exe	43
PID 1880 wrote to memory of 2604	1880	58d83840c540b3df63edbec63073f780N.exe	43
PID 1880 wrote to memory of 2604	1880	58d83840c540b3df63edbec63073f780N.exe	43
PID 2772 wrote to memory of 2684	2772	58d83840c540b3df63edbec63073f780N.exe	44
PID 2772 wrote to memory of 2684	2772	58d83840c540b3df63edbec63073f780N.exe	44
PID 2772 wrote to memory of 2684	2772	58d83840c540b3df63edbec63073f780N.exe	44
PID 2772 wrote to memory of 2684	2772	58d83840c540b3df63edbec63073f780N.exe	44
PID 2996 wrote to memory of 2496	2996	58d83840c540b3df63edbec63073f780N.exe	45
PID 2996 wrote to memory of 2496	2996	58d83840c540b3df63edbec63073f780N.exe	45
PID 2996 wrote to memory of 2496	2996	58d83840c540b3df63edbec63073f780N.exe	45
PID 2996 wrote to memory of 2496	2996	58d83840c540b3df63edbec63073f780N.exe	45
PID 1888 wrote to memory of 2212	1888	58d83840c540b3df63edbec63073f780N.exe	46
PID 1888 wrote to memory of 2212	1888	58d83840c540b3df63edbec63073f780N.exe	46
PID 1888 wrote to memory of 2212	1888	58d83840c540b3df63edbec63073f780N.exe	46
PID 1888 wrote to memory of 2212	1888	58d83840c540b3df63edbec63073f780N.exe	46

C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
"C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
  "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2772
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        9⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        9⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12732
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12676
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:18168
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:10500
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:8944
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:8620
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:11204
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:11016
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:12908
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:6016
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:10492
- C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
  "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1880
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:308
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12608
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:9060
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:9380
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:11152
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:13256
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:10516
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:5404
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:8892
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:13276
- C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
  "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        7⤵
        
        PID:18120
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:12872
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:9432
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:12572
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:10544
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:5192
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:7844
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:11072
- C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
  "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        6⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:11136
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
        5⤵
        
        PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:10584
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:9464
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:5980
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:10604
- C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
  "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:13004
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:12548
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:6884
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:10528
- C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
  "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
  2⤵
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
      4⤵
      PID:13268
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:6336
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:10560
- C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
  "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
  2⤵
  PID:4436
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:7852
- - C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
    3⤵
    PID:11056
- C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
  "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
  2⤵
  PID:5988
- C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe
  "C:\Users\Admin\AppData\Local\Temp\58d83840c540b3df63edbec63073f780N.exe"
  2⤵
  PID:9424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\french action action catfight cock .rar.exe

Filesize
1.4MB

MD5
0d229514d6d00f660c608b5828fc40c7

SHA1
76984fdfcf10a6ef354e50b5ea5e4b3265ecaf8a

SHA256
db34a36e7b96390b149cc4d06fec30e57843a616fcb3b8416949c8e432f24565

SHA512
033e29519146b05668d7321db13a4f1003db0d6faaec4b62f124e59e827701ca3a9a8f85fdc5151f22d1f1ee9a401e46523b3299b48c46b9022c7a371ffc017f

Download Submit