d3c1b1481e62d73d3d21fce30a69933ee797dd16f2b4c03c540dc797166653fd

Analysis

max time kernel
9s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af14d305c0cf5f533e9bfba2aa4f8930N.exe
Size

581KB
MD5

af14d305c0cf5f533e9bfba2aa4f8930
SHA1

2f9c17909651cc8228050cafd5c3e23b2f288eb5
SHA256

d3c1b1481e62d73d3d21fce30a69933ee797dd16f2b4c03c540dc797166653fd
SHA512

ff164d42e7f2cabc02b0226f27524ced0c9124a3bd28e5d28c42303c20fbd6c4869530c82d00230e91cdf1de8b21e48f3d85daa4c2b342da8bb97bc934c181e1
SSDEEP

12288:A//vi9BbG84iWhq5JGggUC72f7Sa1qfawpLGjSETDUbHnhPqtxq2L86:2wqsyqm26fg5TDU7BqtfL7

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\L:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\M:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\N:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\R:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\A:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\E:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\G:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\Z:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\S:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\T:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\U:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\Q:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\B:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\O:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\P:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\Y:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\H:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\J:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\X:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\I:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\V:	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File opened (read-only)	\??\W:	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\german fetish voyeur beautyfull .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Google\Temp\beast licking ash balls .mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Google\Update\Download\bukkake cumshot [milf] boobs mistress .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\beast gay masturbation traffic .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Common Files\microsoft shared\handjob kicking [free] feet latex .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\american porn beast big .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\fetish gay uncut granny .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\danish gang bang catfight circumcision .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\horse uncut vagina .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\dotnet\shared\canadian horse sleeping bondage .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\sperm porn girls swallow .mpeg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\animal uncut .mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\cumshot public (Melissa,Tatjana).rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\kicking hot (!) (Samantha).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\chinese xxx action [free] (Karin).avi.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese horse hardcore [bangbus] mature .rar.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\trambling licking .zip.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast [bangbus] high heels (Liz).mpg.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe
3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe
3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1048	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1048	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe
1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe
5060	af14d305c0cf5f533e9bfba2aa4f8930N.exe
5060	af14d305c0cf5f533e9bfba2aa4f8930N.exe
3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe
3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 3400	1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe	87
PID 1952 wrote to memory of 3400	1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe	87
PID 1952 wrote to memory of 3400	1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe	87
PID 1952 wrote to memory of 1048	1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe	88
PID 1952 wrote to memory of 1048	1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe	88
PID 1952 wrote to memory of 1048	1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe	88
PID 3400 wrote to memory of 5060	3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe	89
PID 3400 wrote to memory of 5060	3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe	89
PID 3400 wrote to memory of 5060	3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe	89
PID 1952 wrote to memory of 772	1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe	92
PID 1952 wrote to memory of 772	1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe	92
PID 1952 wrote to memory of 772	1952	af14d305c0cf5f533e9bfba2aa4f8930N.exe	92
PID 3400 wrote to memory of 2628	3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe	93
PID 3400 wrote to memory of 2628	3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe	93
PID 3400 wrote to memory of 2628	3400	af14d305c0cf5f533e9bfba2aa4f8930N.exe	93
PID 1048 wrote to memory of 4764	1048	af14d305c0cf5f533e9bfba2aa4f8930N.exe	94
PID 1048 wrote to memory of 4764	1048	af14d305c0cf5f533e9bfba2aa4f8930N.exe	94
PID 1048 wrote to memory of 4764	1048	af14d305c0cf5f533e9bfba2aa4f8930N.exe	94
PID 5060 wrote to memory of 864	5060	af14d305c0cf5f533e9bfba2aa4f8930N.exe	95
PID 5060 wrote to memory of 864	5060	af14d305c0cf5f533e9bfba2aa4f8930N.exe	95
PID 5060 wrote to memory of 864	5060	af14d305c0cf5f533e9bfba2aa4f8930N.exe	95

C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
"C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3400
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13828
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:16040
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14084
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:11564
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:1536
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15132
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:1672
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12388
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:13992
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:15724
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:15528
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:10572
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:3512
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        7⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:11548
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:4640
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14540
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:16020
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13472
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12520
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14236
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:11288
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:15948
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:8204
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:11068
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:15124
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:1932
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14796
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:11076
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:15140
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12916
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:8460
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:11396
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:16048
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:368
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:14788
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:13804
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:13196
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12268
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:8632
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:11556
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:4516
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:4396
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
        5⤵
        
        PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:12844
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:16056
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:14396
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:9996
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:13844
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:1588
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
      "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
      4⤵
      PID:13528
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:9052
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:11992
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:6092
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:10820
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:14804
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:7476
- - C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
    "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
    3⤵
    PID:13984
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:9852
- C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe
  "C:\Users\Admin\AppData\Local\Temp\af14d305c0cf5f533e9bfba2aa4f8930N.exe"
  2⤵
  PID:13660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\animal uncut .mpg.exe

Filesize
405KB

MD5
593b290328ceed3b4fb5ddb96c895bcb

SHA1
cf438ee7c275cda628faa981a0837efcdd74b502

SHA256
12efe3016424a24951508211c437463e67585d57d244616779d7890b90acad97

SHA512
24b10739cfbdec1f35d98beb0953abd1afc7582d43e08cac8dd9f3a32894a2969900dd7a017c891e563dcb64b0243aa8af9ef549c6b40873cf58f10fefb24af7

Download Submit