d3c1b1481e62d73d3d21fce30a69933ee797dd16f2b4c03c540dc797166653fd

Analysis

max time kernel
16s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af14d305c0cf5f533e9bfba2aa4f8930N.exe
Size

581KB
MD5

af14d305c0cf5f533e9bfba2aa4f8930
SHA1

2f9c17909651cc8228050cafd5c3e23b2f288eb5
SHA256

d3c1b1481e62d73d3d21fce30a69933ee797dd16f2b4c03c540dc797166653fd
SHA512

ff164d42e7f2cabc02b0226f27524ced0c9124a3bd28e5d28c42303c20fbd6c4869530c82d00230e91cdf1de8b21e48f3d85daa4c2b342da8bb97bc934c181e1
SSDEEP

12288:A//vi9BbG84iWhq5JGggUC72f7Sa1qfawpLGjSETDUbHnhPqtxq2L86:2wqsyqm26fg5TDU7BqtfL7

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\G:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\H:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\J:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\V:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\E:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\M:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\Q:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\U:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\Z:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\B:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\N:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\O:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\T:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\X:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\Y:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\I:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\K:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\L:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\P:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\R:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\S:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\W:	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\fetish bukkake masturbation hole young .mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\SysWOW64\IME\shared\japanese cumshot trambling several models high heels .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian cum gay girls boots .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese beastiality lingerie girls titts swallow (Sarah).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian kicking horse voyeur femdom .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse licking .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore [bangbus] hole .mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse catfight sm .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\System32\DriverStore\Temp\american fetish gay girls (Karin).mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish horse lesbian masturbation penetration .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\black fetish fucking [bangbus] mature .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish cum beast hidden cock .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\xxx full movie cock (Ashley,Samantha).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\hardcore public boots .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian porn horse big gorgeoushorny .mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Google\Temp\black cumshot gay voyeur (Janette).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian handjob horse uncut young .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lingerie several models glans granny (Sarah).mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish gang bang xxx [free] titts .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\DVD Maker\Shared\russian nude beast hidden shower .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian horse lesbian girls cock fishy .mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\japanese action trambling [free] (Karin).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\bukkake uncut balls .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\danish porn sperm masturbation glans .mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Windows Journal\Templates\black horse bukkake [milf] feet fishy .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\black nude blowjob public (Melissa).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\blowjob public feet high heels .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\kicking trambling [milf] .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\tyrkish porn hardcore full movie .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\fetish bukkake [free] (Janette).zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\japanese kicking beast girls boots (Christine,Melissa).rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\japanese nude lesbian lesbian .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\gay [milf] shower .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\african bukkake full movie (Samantha).mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\italian beastiality hardcore licking hole .mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\gang bang hardcore girls (Samantha).zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian animal bukkake catfight .mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lesbian hidden titts (Britney,Karin).mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\security\templates\horse [bangbus] redhair (Sonja,Janette).rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\canadian gay voyeur titts redhair .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\porn gay licking titts ìï .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\temp\italian kicking trambling big cock .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\PLA\Templates\hardcore sleeping cock (Britney,Curtney).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\cumshot fucking hot (!) balls .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\blowjob hot (!) high heels (Christine,Jade).zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\sperm [free] upskirt (Sonja,Curtney).mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\british lingerie [milf] feet pregnant .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\asian hardcore masturbation hole swallow .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish beastiality trambling sleeping .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese gang bang trambling voyeur cock (Britney,Karin).rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\canadian hardcore lesbian traffic .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\fucking full movie cock black hairunshaved (Curtney).mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\horse full movie feet blondie .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\beastiality horse hot (!) glans beautyfull (Curtney).zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\gay sleeping (Karin).zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\asian blowjob [milf] titts sweet .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\british hardcore masturbation femdom .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\french fucking voyeur feet mistress (Sylvia).mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\tmp\black porn horse licking bondage .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\indian kicking hardcore sleeping black hairunshaved .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\handjob bukkake sleeping balls (Jenna,Sarah).rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\brasilian animal lingerie catfight granny .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm [free] fishy (Sandy,Tatjana).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\italian cum xxx full movie traffic (Kathrin,Liz).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\Downloaded Program Files\indian beastiality trambling voyeur .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\bukkake big 50+ .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\trambling girls feet .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\beastiality trambling voyeur .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian action bukkake catfight feet (Anniston,Curtney).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish fetish fucking girls shower .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\black cumshot bukkake hot (!) hole .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\asian gay [bangbus] feet stockings (Janette).mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\bukkake full movie girly (Britney,Karin).zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\black nude fucking full movie black hairunshaved .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\blowjob big redhair .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\russian fetish gay [bangbus] .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\brasilian gang bang sperm voyeur (Tatjana).rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\trambling full movie feet sweet (Samantha).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\russian handjob blowjob [free] .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\fetish fucking masturbation glans swallow (Sarah).zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\norwegian hardcore lesbian femdom .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\beastiality lesbian public cock .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\beastiality xxx masturbation boots .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\malaysia gay hot (!) hole wifey (Sylvia).zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\fetish sperm masturbation .avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\malaysia bukkake hidden .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\african hardcore hidden cock castration .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\mssrv.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\indian kicking sperm catfight shoes .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 43 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2856	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2968	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2960	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2696	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2664	af14d305c0cf5f533e9bfba2aa4f8930N.exe
3016	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2856	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2968	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1796	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2656	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1148	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2328	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2580	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2960	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2696	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2028	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2236	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1852	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2100	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2664	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1256	af14d305c0cf5f533e9bfba2aa4f8930N.exe
3016	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2856	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1288	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1052	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2968	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe
440	af14d305c0cf5f533e9bfba2aa4f8930N.exe
440	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2312	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2312	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2960	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2960	af14d305c0cf5f533e9bfba2aa4f8930N.exe
640	af14d305c0cf5f533e9bfba2aa4f8930N.exe
640	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1132	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1132	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1284	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1284	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2656	af14d305c0cf5f533e9bfba2aa4f8930N.exe
2656	af14d305c0cf5f533e9bfba2aa4f8930N.exe
344	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2016	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	30
PID 2752 wrote to memory of 2016	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	30
PID 2752 wrote to memory of 2016	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	30
PID 2752 wrote to memory of 2016	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	30
PID 2016 wrote to memory of 2632	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	31
PID 2016 wrote to memory of 2632	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	31
PID 2016 wrote to memory of 2632	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	31
PID 2016 wrote to memory of 2632	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	31
PID 2752 wrote to memory of 2052	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	32
PID 2752 wrote to memory of 2052	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	32
PID 2752 wrote to memory of 2052	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	32
PID 2752 wrote to memory of 2052	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	32
PID 2632 wrote to memory of 2856	2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe	33
PID 2632 wrote to memory of 2856	2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe	33
PID 2632 wrote to memory of 2856	2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe	33
PID 2632 wrote to memory of 2856	2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe	33
PID 2016 wrote to memory of 2968	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	34
PID 2016 wrote to memory of 2968	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	34
PID 2016 wrote to memory of 2968	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	34
PID 2016 wrote to memory of 2968	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	34
PID 2052 wrote to memory of 2960	2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe	35
PID 2052 wrote to memory of 2960	2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe	35
PID 2052 wrote to memory of 2960	2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe	35
PID 2052 wrote to memory of 2960	2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe	35
PID 2752 wrote to memory of 2696	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	36
PID 2752 wrote to memory of 2696	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	36
PID 2752 wrote to memory of 2696	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	36
PID 2752 wrote to memory of 2696	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	36
PID 2856 wrote to memory of 2664	2856	af14d305c0cf5f533e9bfba2aa4f8930N.exe	37
PID 2856 wrote to memory of 2664	2856	af14d305c0cf5f533e9bfba2aa4f8930N.exe	37
PID 2856 wrote to memory of 2664	2856	af14d305c0cf5f533e9bfba2aa4f8930N.exe	37
PID 2856 wrote to memory of 2664	2856	af14d305c0cf5f533e9bfba2aa4f8930N.exe	37
PID 2968 wrote to memory of 3016	2968	af14d305c0cf5f533e9bfba2aa4f8930N.exe	38
PID 2968 wrote to memory of 3016	2968	af14d305c0cf5f533e9bfba2aa4f8930N.exe	38
PID 2968 wrote to memory of 3016	2968	af14d305c0cf5f533e9bfba2aa4f8930N.exe	38
PID 2968 wrote to memory of 3016	2968	af14d305c0cf5f533e9bfba2aa4f8930N.exe	38
PID 2632 wrote to memory of 2328	2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe	39
PID 2632 wrote to memory of 2328	2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe	39
PID 2632 wrote to memory of 2328	2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe	39
PID 2632 wrote to memory of 2328	2632	af14d305c0cf5f533e9bfba2aa4f8930N.exe	39
PID 2016 wrote to memory of 1796	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	40
PID 2016 wrote to memory of 1796	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	40
PID 2016 wrote to memory of 1796	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	40
PID 2016 wrote to memory of 1796	2016	af14d305c0cf5f533e9bfba2aa4f8930N.exe	40
PID 2052 wrote to memory of 2580	2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe	41
PID 2052 wrote to memory of 2580	2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe	41
PID 2052 wrote to memory of 2580	2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe	41
PID 2052 wrote to memory of 2580	2052	af14d305c0cf5f533e9bfba2aa4f8930N.exe	41
PID 2752 wrote to memory of 2656	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	42
PID 2752 wrote to memory of 2656	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	42
PID 2752 wrote to memory of 2656	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	42
PID 2752 wrote to memory of 2656	2752	af14d305c0cf5f533e9bfba2aa4f8930N.exe	42
PID 2696 wrote to memory of 1148	2696	af14d305c0cf5f533e9bfba2aa4f8930N.exe	43
PID 2696 wrote to memory of 1148	2696	af14d305c0cf5f533e9bfba2aa4f8930N.exe	43
PID 2696 wrote to memory of 1148	2696	af14d305c0cf5f533e9bfba2aa4f8930N.exe	43
PID 2696 wrote to memory of 1148	2696	af14d305c0cf5f533e9bfba2aa4f8930N.exe	43
PID 2960 wrote to memory of 2028	2960	af14d305c0cf5f533e9bfba2aa4f8930N.exe	44
PID 2960 wrote to memory of 2028	2960	af14d305c0cf5f533e9bfba2aa4f8930N.exe	44
PID 2960 wrote to memory of 2028	2960	af14d305c0cf5f533e9bfba2aa4f8930N.exe	44
PID 2960 wrote to memory of 2028	2960	af14d305c0cf5f533e9bfba2aa4f8930N.exe	44
PID 2664 wrote to memory of 2236	2664	af14d305c0cf5f533e9bfba2aa4f8930N.exe	45
PID 2664 wrote to memory of 2236	2664	af14d305c0cf5f533e9bfba2aa4f8930N.exe	45
PID 2664 wrote to memory of 2236	2664	af14d305c0cf5f533e9bfba2aa4f8930N.exe	45
PID 2664 wrote to memory of 2236	2664	af14d305c0cf5f533e9bfba2aa4f8930N.exe	45

C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
"C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        10⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        10⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:15008
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        9⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:17780
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14048
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14040
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9900
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14056
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:264
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13904
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14644
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:13888
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:13960
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:17744
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12952
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12768
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:7824
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:14024
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13788
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9916
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:17772
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:15432
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:492
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14364
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12936
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14540
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12816
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:9948
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:13740
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14152
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:8216
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:13944
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12800
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:344
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12872
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15480
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14296
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14136
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:6228
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:14064
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13912
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:18028
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14328
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14312
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14548
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:9668
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14072
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:13796
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14752
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:9676
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14032
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:15168
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:9844
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:15624
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:3920
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14564
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:14168
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:5508
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:12856
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:9716
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:17256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\xxx full movie cock (Ashley,Samantha).avi.exe

Filesize
733KB

MD5
5d1f6acea54f3bbcdb301600187805c9

SHA1
28cb643e4615fa02a1ab8b5332462abcdb80b0b0

SHA256
db1a0dd77c53eec99bd6b77ea9b7ae71f4dd991266ef7c3cff44684d731b3bed

SHA512
79f9375def5f2109310c1d5512b3e08f91a5c70202d0aaca2100c94795857013a22b14c0a066090b0f6a1f1f67a2ab7ba5c19a5c201ae46df148b666902d43fe

Download Submit