d493533fc222a5e6ab2fd8d17dd5099213090bf307647e8d50c9cfe51f9f3584

Analysis

max time kernel
14s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b57b59d8bf8c07140174a2a5a9acb10N.exe
Size

624KB
MD5

4b57b59d8bf8c07140174a2a5a9acb10
SHA1

5c9ed70c715999fb7056a2e135b2abab96b7059c
SHA256

d493533fc222a5e6ab2fd8d17dd5099213090bf307647e8d50c9cfe51f9f3584
SHA512

4c76f86bd979697d6b9c0c69dd79421ddb382b6f52d9b476d3e79d5bea904fb30890639ffe9b355175db22f4b70afc4e88d735d9c51827e0c8693c8666c6b2eb
SSDEEP

12288:dXCNi9Bi6CyTvvl2ywehL8Y/6Wq1+e1aJa3e/I2eIrYJT0I6za+XLdi5C:oWi/yz8ywehL8Y/6V/aJa3e/LeAYJT0n

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4b57b59d8bf8c07140174a2a5a9acb10N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\M:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\N:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\W:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\Y:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\J:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\L:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\O:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\Q:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\R:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\B:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\P:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\U:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\V:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\Z:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\A:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\E:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\G:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\I:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\K:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\S:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\T:	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File opened (read-only)	\??\X:	4b57b59d8bf8c07140174a2a5a9acb10N.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\italian porn gay uncut high heels .zip.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\beast several models feet redhair (Tatjana).mpeg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse voyeur black hairunshaved .zip.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake full movie hole .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish cumshot gay big leather .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese gang bang xxx big .zip.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american cum beast girls glans hairy (Sarah).mpeg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\lingerie hidden feet stockings (Sarah).rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian gang bang bukkake voyeur cock .avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\bukkake masturbation shower .zip.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lesbian [bangbus] hairy .mpeg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian handjob lesbian hot (!) (Janette).rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files\DVD Maker\Shared\indian gang bang lingerie several models beautyfull .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files\Windows Journal\Templates\american handjob blowjob lesbian .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Google\Temp\black cumshot trambling voyeur 40+ .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Google\Update\Download\bukkake hot (!) 40+ .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian handjob gay full movie .mpg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\swedish cum xxx licking .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian handjob bukkake girls hole redhair .mpg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\fucking [bangbus] glans .avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lingerie big (Jade).avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\russian nude horse licking ejaculation .avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black nude fucking [bangbus] cock hairy .zip.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lingerie masturbation (Karin).mpg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish kicking fucking catfight feet bondage .mpg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\temp\indian gang bang lesbian lesbian hole latex (Sylvia).mpg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american action trambling licking lady .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian cum lesbian hot (!) (Sylvia).mpg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\beast girls feet traffic (Jade).mpeg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\mssrv.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american porn beast several models glans .zip.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\swedish horse lingerie several models glans beautyfull (Tatjana).avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\beast hot (!) 40+ .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\security\templates\lesbian [bangbus] black hairunshaved .mpeg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse sleeping glans mature (Tatjana).avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american cumshot lesbian [milf] titts blondie .avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\hardcore voyeur (Liz).rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian fetish fucking public cock young (Janette).zip.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\gay masturbation .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\danish animal blowjob sleeping hole 50+ .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\danish animal gay hidden glans (Jenna,Samantha).zip.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish cum xxx lesbian cock .mpg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\tmp\trambling uncut feet hotel .avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\italian kicking beast uncut hairy (Ashley,Curtney).mpeg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\swedish cum gay full movie cock .mpeg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\lingerie big titts hotel (Sylvia).mpg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\Downloaded Program Files\danish nude bukkake catfight .avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\PLA\Templates\danish cumshot horse hidden feet .avi.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fucking big (Jade).mpg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish horse blowjob catfight feet gorgeoushorny .mpeg.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\russian beastiality fucking [free] penetration .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish porn lingerie several models .rar.exe	4b57b59d8bf8c07140174a2a5a9acb10N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b57b59d8bf8c07140174a2a5a9acb10N.exe

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2660	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2700	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2216	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2304	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe
1984	4b57b59d8bf8c07140174a2a5a9acb10N.exe
1732	4b57b59d8bf8c07140174a2a5a9acb10N.exe
1692	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2660	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2700	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2924	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2216	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2696	4b57b59d8bf8c07140174a2a5a9acb10N.exe
3064	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2328	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2056	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2304	4b57b59d8bf8c07140174a2a5a9acb10N.exe
1984	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2408	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2072	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2700	4b57b59d8bf8c07140174a2a5a9acb10N.exe
1732	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2372	4b57b59d8bf8c07140174a2a5a9acb10N.exe
1752	4b57b59d8bf8c07140174a2a5a9acb10N.exe
928	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2660	4b57b59d8bf8c07140174a2a5a9acb10N.exe
1692	4b57b59d8bf8c07140174a2a5a9acb10N.exe
108	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2216	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2824	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2256	4b57b59d8bf8c07140174a2a5a9acb10N.exe
632	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2092	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2924	4b57b59d8bf8c07140174a2a5a9acb10N.exe
2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2492	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	29
PID 2564 wrote to memory of 2492	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	29
PID 2564 wrote to memory of 2492	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	29
PID 2564 wrote to memory of 2492	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	29
PID 2492 wrote to memory of 2884	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	30
PID 2492 wrote to memory of 2884	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	30
PID 2492 wrote to memory of 2884	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	30
PID 2492 wrote to memory of 2884	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	30
PID 2564 wrote to memory of 2636	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	31
PID 2564 wrote to memory of 2636	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	31
PID 2564 wrote to memory of 2636	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	31
PID 2564 wrote to memory of 2636	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	31
PID 2884 wrote to memory of 2660	2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe	32
PID 2884 wrote to memory of 2660	2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe	32
PID 2884 wrote to memory of 2660	2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe	32
PID 2884 wrote to memory of 2660	2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe	32
PID 2636 wrote to memory of 2700	2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe	33
PID 2636 wrote to memory of 2700	2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe	33
PID 2636 wrote to memory of 2700	2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe	33
PID 2636 wrote to memory of 2700	2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe	33
PID 2492 wrote to memory of 2304	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	34
PID 2492 wrote to memory of 2304	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	34
PID 2492 wrote to memory of 2304	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	34
PID 2492 wrote to memory of 2304	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	34
PID 2564 wrote to memory of 2216	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	35
PID 2564 wrote to memory of 2216	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	35
PID 2564 wrote to memory of 2216	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	35
PID 2564 wrote to memory of 2216	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	35
PID 2660 wrote to memory of 1984	2660	4b57b59d8bf8c07140174a2a5a9acb10N.exe	36
PID 2660 wrote to memory of 1984	2660	4b57b59d8bf8c07140174a2a5a9acb10N.exe	36
PID 2660 wrote to memory of 1984	2660	4b57b59d8bf8c07140174a2a5a9acb10N.exe	36
PID 2660 wrote to memory of 1984	2660	4b57b59d8bf8c07140174a2a5a9acb10N.exe	36
PID 2636 wrote to memory of 1732	2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe	37
PID 2636 wrote to memory of 1732	2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe	37
PID 2636 wrote to memory of 1732	2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe	37
PID 2636 wrote to memory of 1732	2636	4b57b59d8bf8c07140174a2a5a9acb10N.exe	37
PID 2700 wrote to memory of 1692	2700	4b57b59d8bf8c07140174a2a5a9acb10N.exe	38
PID 2700 wrote to memory of 1692	2700	4b57b59d8bf8c07140174a2a5a9acb10N.exe	38
PID 2700 wrote to memory of 1692	2700	4b57b59d8bf8c07140174a2a5a9acb10N.exe	38
PID 2700 wrote to memory of 1692	2700	4b57b59d8bf8c07140174a2a5a9acb10N.exe	38
PID 2492 wrote to memory of 2924	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	39
PID 2492 wrote to memory of 2924	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	39
PID 2492 wrote to memory of 2924	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	39
PID 2492 wrote to memory of 2924	2492	4b57b59d8bf8c07140174a2a5a9acb10N.exe	39
PID 2216 wrote to memory of 2696	2216	4b57b59d8bf8c07140174a2a5a9acb10N.exe	41
PID 2216 wrote to memory of 2696	2216	4b57b59d8bf8c07140174a2a5a9acb10N.exe	41
PID 2216 wrote to memory of 2696	2216	4b57b59d8bf8c07140174a2a5a9acb10N.exe	41
PID 2216 wrote to memory of 2696	2216	4b57b59d8bf8c07140174a2a5a9acb10N.exe	41
PID 2884 wrote to memory of 2328	2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe	42
PID 2884 wrote to memory of 2328	2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe	42
PID 2884 wrote to memory of 2328	2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe	42
PID 2884 wrote to memory of 2328	2884	4b57b59d8bf8c07140174a2a5a9acb10N.exe	42
PID 2564 wrote to memory of 2056	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	40
PID 2564 wrote to memory of 2056	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	40
PID 2564 wrote to memory of 2056	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	40
PID 2564 wrote to memory of 2056	2564	4b57b59d8bf8c07140174a2a5a9acb10N.exe	40
PID 2304 wrote to memory of 3064	2304	4b57b59d8bf8c07140174a2a5a9acb10N.exe	43
PID 2304 wrote to memory of 3064	2304	4b57b59d8bf8c07140174a2a5a9acb10N.exe	43
PID 2304 wrote to memory of 3064	2304	4b57b59d8bf8c07140174a2a5a9acb10N.exe	43
PID 2304 wrote to memory of 3064	2304	4b57b59d8bf8c07140174a2a5a9acb10N.exe	43
PID 1984 wrote to memory of 2072	1984	4b57b59d8bf8c07140174a2a5a9acb10N.exe	45
PID 1984 wrote to memory of 2072	1984	4b57b59d8bf8c07140174a2a5a9acb10N.exe	45
PID 1984 wrote to memory of 2072	1984	4b57b59d8bf8c07140174a2a5a9acb10N.exe	45
PID 1984 wrote to memory of 2072	1984	4b57b59d8bf8c07140174a2a5a9acb10N.exe	45

C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
"C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
  "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        8⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        8⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        8⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9884
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9808
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9236
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:8552
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:10436
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9572
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:8760
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:5208
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:8612
- C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
  "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9280
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9068
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        7⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9688
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9944
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9952
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:10052
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9144
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:5936
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:9580
- C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
  "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:428
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9848
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        6⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:10020
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9348
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:1052
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9696
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:8468
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:8580
- C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
  "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2056
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:8604
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:936
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:9288
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:6492
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:10460
- C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
  "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
  2⤵
  PID:824
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
        5⤵
        
        PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:10012
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
      "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
      4⤵
      PID:8904
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:5392
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:9936
- C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
  "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
  2⤵
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:8800
- C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
  "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
  2⤵
  PID:3784
- - C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
    3⤵
    PID:8888
- C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
  "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
  2⤵
  PID:5276
- C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe
  "C:\Users\Admin\AppData\Local\Temp\4b57b59d8bf8c07140174a2a5a9acb10N.exe"
  2⤵
  PID:9816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\russian handjob bukkake girls hole redhair .mpg.exe

Filesize
179KB

MD5
1fb053a7bd604e420659ea56921bc379

SHA1
df8189bbfd52910231612c7abcabe08209015470

SHA256
afcb12a2cdcd938752a2d38fdb00a8f45623c7b01c91be8111c9d1e1b9ea3105

SHA512
9a183ab20cd8781384601acfe00233e960030c79bfdd697b9446c76dcfcf73f810860d3df71a727fe65f9d503c8414f3080deefa18038c77a451de1f44346da6

Download Submit