ed9957ca779e0ee03af2f1b623fc4fb936e0225d167cb988931e60d98a55cf2f

Analysis

max time kernel
31s
max time network
66s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45e2bb2427506cd7955fa0c6fa5f1790N.exe
Size

1.3MB
MD5

45e2bb2427506cd7955fa0c6fa5f1790
SHA1

de524fcbe3ea8aa669fcaa9218d08be658becb3f
SHA256

ed9957ca779e0ee03af2f1b623fc4fb936e0225d167cb988931e60d98a55cf2f
SHA512

f3dcb407e2c2fac97bf33a63a086683f251b5047089c871e6e00d2ef0e65d5f33e41745b469283beebabd7a5e862bd2aa69e5206665b652ab9198eebab3a337d
SSDEEP

24576:2wiwffga7QW+wZniqT5vkEKxHJMwsi+mvJSUXJn9qmzsVkgIuXi:hbffgaT+w8qF/YJMTxUdtQVkB

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\J:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\K:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\S:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\Y:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\G:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\R:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\U:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\W:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\N:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\V:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\Z:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\A:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\E:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\I:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\M:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\Q:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\T:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\X:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\H:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\L:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\O:	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File opened (read-only)	\??\P:	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\black handjob blowjob uncut wifey (Kathrin,Curtney).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian action horse licking cock blondie .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian gang bang lesbian uncut stockings .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese fetish xxx uncut (Samantha).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\System32\DriverStore\Temp\bukkake girls glans .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian cumshot horse hot (!) hole beautyfull (Sylvia).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\IME\shared\japanese cum gay [milf] boots (Gina,Sarah).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black kicking fucking [bangbus] cock .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay hidden (Curtney).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian cumshot bukkake girls glans .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\japanese handjob blowjob lesbian feet hotel (Sarah).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\handjob fucking public (Melissa).mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\lingerie sleeping feet boots (Melissa).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore hidden glans girly (Janette).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Windows Journal\Templates\brasilian nude fucking hot (!) titts gorgeoushorny .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian action beast girls glans (Jenna,Liz).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Google\Temp\bukkake voyeur hole girly .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\gay sleeping hole .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\tyrkish gang bang trambling [free] YEâPSè& (Jenna,Sarah).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\tyrkish action lesbian lesbian feet .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\DVD Maker\Shared\danish fetish xxx hidden ìï .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese kicking lingerie masturbation .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\hardcore [milf] bedroom .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish porn gay sleeping titts shower (Melissa).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\american animal trambling hidden blondie .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\xxx [free] feet .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\spanish lesbian several models glans 50+ .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\japanese animal bukkake hidden (Sarah).mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\japanese horse horse licking glans black hairunshaved .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\norwegian fucking licking .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay catfight .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\indian horse hardcore hot (!) hole girly .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\gay [free] hole boots .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian porn horse hidden glans girly (Liz).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\horse sleeping .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\canadian trambling masturbation hotel .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\Temp\trambling sleeping YEâPSè& (Jenna,Curtney).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\canadian beast public glans redhair .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\beast hot (!) glans Ôë .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\nude lesbian several models 40+ .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian gang bang gay hot (!) .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\animal sperm girls .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\russian nude hardcore voyeur boots .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\black animal trambling catfight cock penetration (Jade).avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\italian cum beast [milf] feet shoes .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\canadian lesbian public (Karin).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\japanese handjob beast girls shower .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\lesbian lesbian titts .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\beastiality xxx voyeur (Sylvia).mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\french lingerie [free] cock young .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\african blowjob voyeur titts girly (Melissa).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse public ash (Sonja,Tatjana).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\gang bang bukkake masturbation .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\spanish sperm sleeping .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\cumshot sperm girls hole (Britney,Melissa).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\blowjob full movie balls (Sonja,Janette).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian gang bang xxx hot (!) feet girly .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\beast hidden .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\PLA\Templates\brasilian nude xxx [free] blondie .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\SoftwareDistribution\Download\canadian beast sleeping sweet .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\swedish fetish hardcore hot (!) glans .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\japanese horse xxx lesbian cock .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\kicking xxx sleeping fishy .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\animal fucking sleeping (Jade).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\mssrv.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm hot (!) cock blondie (Jade).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\InstallTemp\horse trambling full movie black hairunshaved .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\sperm sleeping penetration .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\russian beastiality lesbian big 40+ (Gina,Sylvia).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\hardcore catfight titts .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\swedish gang bang sperm [milf] upskirt (Sandy,Curtney).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\malaysia hardcore uncut (Liz).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\handjob horse hot (!) beautyfull .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\norwegian trambling big boots .avi.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\norwegian hardcore [free] .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\american cum gay licking lady .mpeg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\german hardcore several models .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\hardcore full movie (Janette).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\italian beastiality blowjob full movie (Sylvia).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\black cum trambling catfight (Liz).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\spanish gay [bangbus] (Melissa).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\chinese bukkake catfight (Sarah).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\fucking big circumcision .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\german trambling hot (!) glans (Kathrin,Tatjana).zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\Downloaded Program Files\italian cumshot trambling hidden pregnant (Ashley,Samantha).mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\porn trambling catfight feet castration .mpg.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\fetish gay catfight girly .rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\malaysia trambling masturbation titts .zip.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\british lingerie hidden (Samantha).rar.exe	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2232	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2064	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2084	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2704	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1456	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2920	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2232	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2960	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2984	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2996	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2064	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe
572	45e2bb2427506cd7955fa0c6fa5f1790N.exe
844	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2084	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2212	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2704	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2116	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1476	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2920	45e2bb2427506cd7955fa0c6fa5f1790N.exe
820	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1456	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2232	45e2bb2427506cd7955fa0c6fa5f1790N.exe
380	45e2bb2427506cd7955fa0c6fa5f1790N.exe
660	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2440	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2092	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2064	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2984	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2960	45e2bb2427506cd7955fa0c6fa5f1790N.exe
688	45e2bb2427506cd7955fa0c6fa5f1790N.exe
688	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1496	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1496	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2080	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2080	45e2bb2427506cd7955fa0c6fa5f1790N.exe
856	45e2bb2427506cd7955fa0c6fa5f1790N.exe
856	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1616	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1616	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2428	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2428	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2192	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2192	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1868	45e2bb2427506cd7955fa0c6fa5f1790N.exe
1868	45e2bb2427506cd7955fa0c6fa5f1790N.exe
892	45e2bb2427506cd7955fa0c6fa5f1790N.exe
892	45e2bb2427506cd7955fa0c6fa5f1790N.exe
2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2756	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	30
PID 1752 wrote to memory of 2756	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	30
PID 1752 wrote to memory of 2756	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	30
PID 1752 wrote to memory of 2756	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	30
PID 2756 wrote to memory of 2544	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	31
PID 2756 wrote to memory of 2544	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	31
PID 2756 wrote to memory of 2544	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	31
PID 2756 wrote to memory of 2544	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	31
PID 1752 wrote to memory of 2280	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	32
PID 1752 wrote to memory of 2280	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	32
PID 1752 wrote to memory of 2280	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	32
PID 1752 wrote to memory of 2280	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	32
PID 2544 wrote to memory of 2232	2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe	33
PID 2544 wrote to memory of 2232	2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe	33
PID 2544 wrote to memory of 2232	2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe	33
PID 2544 wrote to memory of 2232	2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe	33
PID 2756 wrote to memory of 2064	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	34
PID 2756 wrote to memory of 2064	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	34
PID 2756 wrote to memory of 2064	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	34
PID 2756 wrote to memory of 2064	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	34
PID 2280 wrote to memory of 2084	2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe	35
PID 2280 wrote to memory of 2084	2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe	35
PID 2280 wrote to memory of 2084	2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe	35
PID 2280 wrote to memory of 2084	2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe	35
PID 1752 wrote to memory of 2704	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	36
PID 1752 wrote to memory of 2704	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	36
PID 1752 wrote to memory of 2704	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	36
PID 1752 wrote to memory of 2704	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	36
PID 2232 wrote to memory of 1456	2232	45e2bb2427506cd7955fa0c6fa5f1790N.exe	37
PID 2232 wrote to memory of 1456	2232	45e2bb2427506cd7955fa0c6fa5f1790N.exe	37
PID 2232 wrote to memory of 1456	2232	45e2bb2427506cd7955fa0c6fa5f1790N.exe	37
PID 2232 wrote to memory of 1456	2232	45e2bb2427506cd7955fa0c6fa5f1790N.exe	37
PID 2064 wrote to memory of 2920	2064	45e2bb2427506cd7955fa0c6fa5f1790N.exe	38
PID 2064 wrote to memory of 2920	2064	45e2bb2427506cd7955fa0c6fa5f1790N.exe	38
PID 2064 wrote to memory of 2920	2064	45e2bb2427506cd7955fa0c6fa5f1790N.exe	38
PID 2064 wrote to memory of 2920	2064	45e2bb2427506cd7955fa0c6fa5f1790N.exe	38
PID 2544 wrote to memory of 2960	2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe	39
PID 2544 wrote to memory of 2960	2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe	39
PID 2544 wrote to memory of 2960	2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe	39
PID 2544 wrote to memory of 2960	2544	45e2bb2427506cd7955fa0c6fa5f1790N.exe	39
PID 2084 wrote to memory of 2996	2084	45e2bb2427506cd7955fa0c6fa5f1790N.exe	40
PID 2084 wrote to memory of 2996	2084	45e2bb2427506cd7955fa0c6fa5f1790N.exe	40
PID 2084 wrote to memory of 2996	2084	45e2bb2427506cd7955fa0c6fa5f1790N.exe	40
PID 2084 wrote to memory of 2996	2084	45e2bb2427506cd7955fa0c6fa5f1790N.exe	40
PID 2756 wrote to memory of 2984	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	41
PID 2756 wrote to memory of 2984	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	41
PID 2756 wrote to memory of 2984	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	41
PID 2756 wrote to memory of 2984	2756	45e2bb2427506cd7955fa0c6fa5f1790N.exe	41
PID 2704 wrote to memory of 572	2704	45e2bb2427506cd7955fa0c6fa5f1790N.exe	42
PID 2704 wrote to memory of 572	2704	45e2bb2427506cd7955fa0c6fa5f1790N.exe	42
PID 2704 wrote to memory of 572	2704	45e2bb2427506cd7955fa0c6fa5f1790N.exe	42
PID 2704 wrote to memory of 572	2704	45e2bb2427506cd7955fa0c6fa5f1790N.exe	42
PID 2280 wrote to memory of 2212	2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe	43
PID 2280 wrote to memory of 2212	2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe	43
PID 2280 wrote to memory of 2212	2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe	43
PID 2280 wrote to memory of 2212	2280	45e2bb2427506cd7955fa0c6fa5f1790N.exe	43
PID 1752 wrote to memory of 844	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	44
PID 1752 wrote to memory of 844	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	44
PID 1752 wrote to memory of 844	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	44
PID 1752 wrote to memory of 844	1752	45e2bb2427506cd7955fa0c6fa5f1790N.exe	44
PID 1456 wrote to memory of 1476	1456	45e2bb2427506cd7955fa0c6fa5f1790N.exe	45
PID 1456 wrote to memory of 1476	1456	45e2bb2427506cd7955fa0c6fa5f1790N.exe	45
PID 1456 wrote to memory of 1476	1456	45e2bb2427506cd7955fa0c6fa5f1790N.exe	45
PID 1456 wrote to memory of 1476	1456	45e2bb2427506cd7955fa0c6fa5f1790N.exe	45

C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
"C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        10⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        10⤵
        
        PID:22200
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:21732
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:21712
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:21808
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:21272
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:21824
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:20988
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:16580
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21684
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:22480
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        9⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:22184
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:21692
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:22372
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:22192
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:21264
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:20308
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:22112
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:21764
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:19644
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10944
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:660
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:22492
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:16564
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21748
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21668
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21852
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:21436
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:22172
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:15444
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:11920
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12056
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:21772
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6108
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:9528
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:15012
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:22104
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:22364
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:21816
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21800
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:15720
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:21720
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:21704
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:14832
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:688
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:22208
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21780
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:15020
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21756
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:11944
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:11192
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:5324
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:9552
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:12924
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:572
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        7⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:21788
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:21424
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:16508
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:16548
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:16572
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12000
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:21676
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6148
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:9544
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:12944
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:844
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        6⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10564
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12184
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:16484
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6164
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:9840
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:15068
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:892
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
        5⤵
        
        PID:21652
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:10984
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:16556
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:12844
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:10256
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:14976
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:14840
  - - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
      "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
      4⤵
      PID:21660
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:7336
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:10724
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4256
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:7484
- - C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
    "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
    3⤵
    PID:12160
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:6244
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:10320
- C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe
  "C:\Users\Admin\AppData\Local\Temp\45e2bb2427506cd7955fa0c6fa5f1790N.exe"
  2⤵
  PID:15704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian action beast girls glans (Jenna,Liz).rar.exe

Filesize
159KB

MD5
bf8a0d6a8057bb76213d93855cb0a867

SHA1
9928888a1874ff35db37e7c2e07ea4e9e2432ac5

SHA256
a4b36c65a26d3d34c7fb07b7d34a08ed9e93f94952a25f1b1a7da0826a927ad2

SHA512
3b7db21e94ae40e3d401af96c1683393ff3f748cc38d56186fc3f477d8630336370e9d07b114226d75570c95bd9a6e46ba5369eb8a0c1da3d1196599ab3d7b0e

Download Submit
C:\debug.txt

Filesize
183B

MD5
239faa82ae679f75c69a8b7354b85e53

SHA1
01ecfb098203ebe61e116ae5c35bb5e2d99a7d92

SHA256
f74fda87b7283d0397e4c33b3c970a0aa4efb1700d7840b1940421b9aa626b17

SHA512
27c7563cb803719e1ab2e640497e54f0349e55f730e59fb00eb8c869355729f56a502eee4aa511555a80906c90c526d9afe9d37ddb1e89ae81416b5f163e2b2b

Download Submit