5c05921d49d08e3bdbe2d9e593970397988bd5096d37d19697b1f2ff72670f1a

Analysis

max time kernel
36s
max time network
55s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 19:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c822d2860b3645bcdf3d52027a3c2810N.exe
Size

296KB
MD5

c822d2860b3645bcdf3d52027a3c2810
SHA1

79734bb649a19a667e77a19d983fdcbb4af12725
SHA256

5c05921d49d08e3bdbe2d9e593970397988bd5096d37d19697b1f2ff72670f1a
SHA512

793d0927d1d835b83c8e1e475b5e7e439860ad597e0633d792aaa53078c08cf46f943b138d981786e956d7b2669d42019ed0429c92d8984474bfc310b88d28f5
SSDEEP

6144:dXC4vgmhbIxs3NBBUim00pRiyT1CkeBsili68ALZmzP1EUY3GALG:dXCNi9BeiQi9yCi68ALZY9TALG

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	c822d2860b3645bcdf3d52027a3c2810N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\S:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\U:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\W:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\Z:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\G:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\J:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\L:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\O:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\P:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\Q:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\Y:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\B:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\E:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\K:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\V:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\H:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\N:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\R:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\X:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\A:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\I:	c822d2860b3645bcdf3d52027a3c2810N.exe
File opened (read-only)	\??\T:	c822d2860b3645bcdf3d52027a3c2810N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\sperm voyeur beautyfull .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish cumshot blowjob hidden .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian kicking lingerie [free] .avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian kicking lesbian [free] lady .mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian handjob beast public hole ash .avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob hot (!) .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian porn horse big glans .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian nude sperm masturbation balls .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fetish hardcore uncut (Karin).rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese cumshot xxx hot (!) fishy (Gina,Liz).avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\italian porn horse [free] (Sarah).mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\hardcore voyeur boots .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\horse licking .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx catfight (Curtney).zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files\DVD Maker\Shared\gay several models pregnant .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian cum blowjob full movie .mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian kicking bukkake voyeur (Melissa).avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Google\Temp\horse masturbation (Sylvia).rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish animal xxx big feet bondage (Karin).mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american beastiality gay girls boots .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files\Windows Journal\Templates\italian fetish sperm girls feet redhair .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\swedish beastiality lesbian voyeur (Janette).avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish beastiality hardcore several models .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish cum beast full movie .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish handjob bukkake full movie 50+ (Ashley,Samantha).rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\temp\indian cum xxx catfight .mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\russian cumshot trambling girls (Sylvia).mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\beastiality trambling [free] glans lady (Sylvia).rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\hardcore hot (!) .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\indian beastiality lingerie hot (!) glans .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\chinese hardcore public redhair .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\asian beast uncut cock hairy .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\InstallTemp\british sperm full movie cock shower .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\porn trambling several models shoes .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\nude horse full movie (Samantha).avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\african beast catfight penetration .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\malaysia lesbian [milf] cock latex .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\swedish action horse sleeping .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\asian horse licking beautyfull .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\french bukkake several models bondage .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\danish porn blowjob sleeping titts 40+ .avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\gang bang gay masturbation mature .mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\chinese lingerie catfight (Tatjana).rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\african horse lesbian hole leather .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish fetish hardcore sleeping glans young .avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\trambling big titts .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\Downloaded Program Files\japanese fetish horse [bangbus] gorgeoushorny .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\SoftwareDistribution\Download\lesbian licking stockings .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\swedish nude beast hidden .mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\japanese kicking fucking sleeping 40+ .avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\nude gay hidden black hairunshaved .avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\japanese animal fucking [milf] (Tatjana).avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\xxx girls sm .mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\german fucking hot (!) hole castration (Jade).mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\british lingerie hot (!) hole high heels .avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\sperm big titts .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\british hardcore full movie penetration .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\british lingerie hidden (Curtney).mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\spanish trambling uncut swallow .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\lesbian hidden (Melissa).zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\indian handjob lesbian [milf] .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\chinese beast girls cock (Anniston,Samantha).rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\animal trambling public .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\cum fucking hidden .mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\Temp\russian cumshot hardcore masturbation feet femdom .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\fetish gay full movie young .avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american handjob blowjob lesbian .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\american action beast girls leather .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\bukkake girls glans mature (Tatjana).zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\cumshot blowjob sleeping glans .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\fucking hidden (Jade).mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\tyrkish fetish lesbian voyeur glans bedroom .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\tyrkish kicking fucking hot (!) hole (Ashley,Curtney).mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\french beast hot (!) swallow (Ashley,Tatjana).mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\asian lingerie hidden (Sarah).avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\italian cumshot trambling [milf] hole shoes .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\italian porn hardcore full movie .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\lingerie [milf] .mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\canadian lesbian hidden (Karin).mpeg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\canadian bukkake hot (!) swallow .mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish handjob horse hot (!) glans (Gina,Karin).avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american action gay girls black hairunshaved .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\hardcore big .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\lesbian [milf] glans bondage .rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\brasilian horse horse full movie beautyfull .zip.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\black fetish lesbian catfight feet wifey (Liz).rar.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\mssrv.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish cum lingerie uncut castration .mpg.exe	c822d2860b3645bcdf3d52027a3c2810N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie public feet granny .avi.exe	c822d2860b3645bcdf3d52027a3c2810N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c822d2860b3645bcdf3d52027a3c2810N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1304	c822d2860b3645bcdf3d52027a3c2810N.exe
2456	c822d2860b3645bcdf3d52027a3c2810N.exe
1304	c822d2860b3645bcdf3d52027a3c2810N.exe
1216	c822d2860b3645bcdf3d52027a3c2810N.exe
2456	c822d2860b3645bcdf3d52027a3c2810N.exe
536	c822d2860b3645bcdf3d52027a3c2810N.exe
1304	c822d2860b3645bcdf3d52027a3c2810N.exe
2788	c822d2860b3645bcdf3d52027a3c2810N.exe
1216	c822d2860b3645bcdf3d52027a3c2810N.exe
2844	c822d2860b3645bcdf3d52027a3c2810N.exe
2456	c822d2860b3645bcdf3d52027a3c2810N.exe
1288	c822d2860b3645bcdf3d52027a3c2810N.exe
2236	c822d2860b3645bcdf3d52027a3c2810N.exe
1304	c822d2860b3645bcdf3d52027a3c2810N.exe
536	c822d2860b3645bcdf3d52027a3c2810N.exe
2548	c822d2860b3645bcdf3d52027a3c2810N.exe
2188	c822d2860b3645bcdf3d52027a3c2810N.exe
1072	c822d2860b3645bcdf3d52027a3c2810N.exe
2788	c822d2860b3645bcdf3d52027a3c2810N.exe
872	c822d2860b3645bcdf3d52027a3c2810N.exe
1216	c822d2860b3645bcdf3d52027a3c2810N.exe
1244	c822d2860b3645bcdf3d52027a3c2810N.exe
1748	c822d2860b3645bcdf3d52027a3c2810N.exe
2456	c822d2860b3645bcdf3d52027a3c2810N.exe
1288	c822d2860b3645bcdf3d52027a3c2810N.exe
2236	c822d2860b3645bcdf3d52027a3c2810N.exe
1304	c822d2860b3645bcdf3d52027a3c2810N.exe
1900	c822d2860b3645bcdf3d52027a3c2810N.exe
2844	c822d2860b3645bcdf3d52027a3c2810N.exe
2356	c822d2860b3645bcdf3d52027a3c2810N.exe
536	c822d2860b3645bcdf3d52027a3c2810N.exe
2180	c822d2860b3645bcdf3d52027a3c2810N.exe
2340	c822d2860b3645bcdf3d52027a3c2810N.exe
1388	c822d2860b3645bcdf3d52027a3c2810N.exe
2548	c822d2860b3645bcdf3d52027a3c2810N.exe
2188	c822d2860b3645bcdf3d52027a3c2810N.exe
2788	c822d2860b3645bcdf3d52027a3c2810N.exe
1072	c822d2860b3645bcdf3d52027a3c2810N.exe
308	c822d2860b3645bcdf3d52027a3c2810N.exe
688	c822d2860b3645bcdf3d52027a3c2810N.exe
688	c822d2860b3645bcdf3d52027a3c2810N.exe
828	c822d2860b3645bcdf3d52027a3c2810N.exe
828	c822d2860b3645bcdf3d52027a3c2810N.exe
872	c822d2860b3645bcdf3d52027a3c2810N.exe
872	c822d2860b3645bcdf3d52027a3c2810N.exe
1304	c822d2860b3645bcdf3d52027a3c2810N.exe
1304	c822d2860b3645bcdf3d52027a3c2810N.exe
1724	c822d2860b3645bcdf3d52027a3c2810N.exe
1724	c822d2860b3645bcdf3d52027a3c2810N.exe
2932	c822d2860b3645bcdf3d52027a3c2810N.exe
2932	c822d2860b3645bcdf3d52027a3c2810N.exe
1216	c822d2860b3645bcdf3d52027a3c2810N.exe
1216	c822d2860b3645bcdf3d52027a3c2810N.exe
1940	c822d2860b3645bcdf3d52027a3c2810N.exe
1940	c822d2860b3645bcdf3d52027a3c2810N.exe
2320	c822d2860b3645bcdf3d52027a3c2810N.exe
2320	c822d2860b3645bcdf3d52027a3c2810N.exe
1288	c822d2860b3645bcdf3d52027a3c2810N.exe
1288	c822d2860b3645bcdf3d52027a3c2810N.exe
2456	c822d2860b3645bcdf3d52027a3c2810N.exe
2456	c822d2860b3645bcdf3d52027a3c2810N.exe
2844	c822d2860b3645bcdf3d52027a3c2810N.exe
2844	c822d2860b3645bcdf3d52027a3c2810N.exe
2844	c822d2860b3645bcdf3d52027a3c2810N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2456	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	30
PID 1304 wrote to memory of 2456	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	30
PID 1304 wrote to memory of 2456	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	30
PID 1304 wrote to memory of 2456	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	30
PID 2456 wrote to memory of 1216	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	31
PID 2456 wrote to memory of 1216	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	31
PID 2456 wrote to memory of 1216	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	31
PID 2456 wrote to memory of 1216	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	31
PID 1304 wrote to memory of 536	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	32
PID 1304 wrote to memory of 536	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	32
PID 1304 wrote to memory of 536	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	32
PID 1304 wrote to memory of 536	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	32
PID 1216 wrote to memory of 2788	1216	c822d2860b3645bcdf3d52027a3c2810N.exe	33
PID 1216 wrote to memory of 2788	1216	c822d2860b3645bcdf3d52027a3c2810N.exe	33
PID 1216 wrote to memory of 2788	1216	c822d2860b3645bcdf3d52027a3c2810N.exe	33
PID 1216 wrote to memory of 2788	1216	c822d2860b3645bcdf3d52027a3c2810N.exe	33
PID 2456 wrote to memory of 2844	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	34
PID 2456 wrote to memory of 2844	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	34
PID 2456 wrote to memory of 2844	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	34
PID 2456 wrote to memory of 2844	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	34
PID 1304 wrote to memory of 2236	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	35
PID 1304 wrote to memory of 2236	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	35
PID 1304 wrote to memory of 2236	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	35
PID 1304 wrote to memory of 2236	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	35
PID 536 wrote to memory of 1288	536	c822d2860b3645bcdf3d52027a3c2810N.exe	36
PID 536 wrote to memory of 1288	536	c822d2860b3645bcdf3d52027a3c2810N.exe	36
PID 536 wrote to memory of 1288	536	c822d2860b3645bcdf3d52027a3c2810N.exe	36
PID 536 wrote to memory of 1288	536	c822d2860b3645bcdf3d52027a3c2810N.exe	36
PID 2788 wrote to memory of 2548	2788	c822d2860b3645bcdf3d52027a3c2810N.exe	37
PID 2788 wrote to memory of 2548	2788	c822d2860b3645bcdf3d52027a3c2810N.exe	37
PID 2788 wrote to memory of 2548	2788	c822d2860b3645bcdf3d52027a3c2810N.exe	37
PID 2788 wrote to memory of 2548	2788	c822d2860b3645bcdf3d52027a3c2810N.exe	37
PID 1216 wrote to memory of 2188	1216	c822d2860b3645bcdf3d52027a3c2810N.exe	38
PID 1216 wrote to memory of 2188	1216	c822d2860b3645bcdf3d52027a3c2810N.exe	38
PID 1216 wrote to memory of 2188	1216	c822d2860b3645bcdf3d52027a3c2810N.exe	38
PID 1216 wrote to memory of 2188	1216	c822d2860b3645bcdf3d52027a3c2810N.exe	38
PID 2456 wrote to memory of 1072	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	39
PID 2456 wrote to memory of 1072	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	39
PID 2456 wrote to memory of 1072	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	39
PID 2456 wrote to memory of 1072	2456	c822d2860b3645bcdf3d52027a3c2810N.exe	39
PID 2844 wrote to memory of 872	2844	c822d2860b3645bcdf3d52027a3c2810N.exe	40
PID 2844 wrote to memory of 872	2844	c822d2860b3645bcdf3d52027a3c2810N.exe	40
PID 2844 wrote to memory of 872	2844	c822d2860b3645bcdf3d52027a3c2810N.exe	40
PID 2844 wrote to memory of 872	2844	c822d2860b3645bcdf3d52027a3c2810N.exe	40
PID 1288 wrote to memory of 1244	1288	c822d2860b3645bcdf3d52027a3c2810N.exe	41
PID 1288 wrote to memory of 1244	1288	c822d2860b3645bcdf3d52027a3c2810N.exe	41
PID 1288 wrote to memory of 1244	1288	c822d2860b3645bcdf3d52027a3c2810N.exe	41
PID 1288 wrote to memory of 1244	1288	c822d2860b3645bcdf3d52027a3c2810N.exe	41
PID 2236 wrote to memory of 1900	2236	c822d2860b3645bcdf3d52027a3c2810N.exe	42
PID 2236 wrote to memory of 1900	2236	c822d2860b3645bcdf3d52027a3c2810N.exe	42
PID 2236 wrote to memory of 1900	2236	c822d2860b3645bcdf3d52027a3c2810N.exe	42
PID 2236 wrote to memory of 1900	2236	c822d2860b3645bcdf3d52027a3c2810N.exe	42
PID 1304 wrote to memory of 1748	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	43
PID 1304 wrote to memory of 1748	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	43
PID 1304 wrote to memory of 1748	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	43
PID 1304 wrote to memory of 1748	1304	c822d2860b3645bcdf3d52027a3c2810N.exe	43
PID 536 wrote to memory of 2356	536	c822d2860b3645bcdf3d52027a3c2810N.exe	44
PID 536 wrote to memory of 2356	536	c822d2860b3645bcdf3d52027a3c2810N.exe	44
PID 536 wrote to memory of 2356	536	c822d2860b3645bcdf3d52027a3c2810N.exe	44
PID 536 wrote to memory of 2356	536	c822d2860b3645bcdf3d52027a3c2810N.exe	44
PID 2188 wrote to memory of 2180	2188	c822d2860b3645bcdf3d52027a3c2810N.exe	45
PID 2188 wrote to memory of 2180	2188	c822d2860b3645bcdf3d52027a3c2810N.exe	45
PID 2188 wrote to memory of 2180	2188	c822d2860b3645bcdf3d52027a3c2810N.exe	45
PID 2188 wrote to memory of 2180	2188	c822d2860b3645bcdf3d52027a3c2810N.exe	45

C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
"C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        10⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        10⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:19904
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:19880
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:23564
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:19800
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:21916
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:20168
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:19860
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:21952
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:19912
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:20176
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:21812
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:19872
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:22080
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:21828
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:20008
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:19816
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:17576
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:20076
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:11140
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        9⤵
        
        PID:19948
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:19964
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:20116
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:19752
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:21336
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10732
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:19940
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:10676
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:308
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:20052
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:23964
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:23628
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:14656
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:19824
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:19896
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:21528
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:13564
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:19988
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12320
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:19976
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:20156
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:14840
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:8592
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12652
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:5392
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12972
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12256
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:10660
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:23620
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        8⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:23788
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:20044
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:19844
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:19808
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10716
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:21548
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:19836
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:10692
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:21908
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12776
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:10740
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:21944
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:20068
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:10756
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:20140
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:14952
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:14648
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:20036
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:11456
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:19920
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:14872
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:10708
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:23780
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        7⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:20132
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:23712
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:20088
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:10652
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:19932
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:19556
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:10700
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:23576
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:10644
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:13580
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:23852
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:8560
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:12668
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:21820
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:19996
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:23452
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:11676
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:13596
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12752
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:10020
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:12620
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        6⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
        5⤵
        
        PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:20020
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12568
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12280
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:10668
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:12560
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:14848
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:8400
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:12712
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4176
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
      "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
      4⤵
      PID:20968
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:11448
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:19956
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  PID:6344
- - C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
    "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
    3⤵
    PID:15444
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  PID:8576
- C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe
  "C:\Users\Admin\AppData\Local\Temp\c822d2860b3645bcdf3d52027a3c2810N.exe"
  2⤵
  PID:12680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\indian cum blowjob full movie .mpg.exe

Filesize
337KB

MD5
48cc5841d6cfd435c87e5db80cd01d82

SHA1
6f5c2945c38f8ba8cee372d19bf589f6615b4a0a

SHA256
634b123a2be6d6bf4152c04a6d3d73c57dd298ce54c8e3989f4894a2ddc04b14

SHA512
6025a3a3be7010feb6a3b0ff688bae5b540404b38bd534f0a177a1bd793554e0b1fb5b1e7d65268019b5dcc8dcecb31e682fffee4c91472302a52028f4782725

Download Submit
C:\debug.txt

Filesize
183B

MD5
e4512910b6d498626c80f45d5e5a666c

SHA1
c6412bd8f3d1f09555fb597e17e86113299ecb00

SHA256
80b86dcac75bbb1d0718c1283ba5f532ab941f1d0f0c2b5d134969cdd9522cd6

SHA512
dd69db4a270110144e185f660a8449ee189cc7b3f73b8732dfcb7f89a993517441b4cecfd466aa2e70d87d952d373c9983144f483b7cd9952d64a63f4e550bb9

Download Submit
memory/308-141-0x00000000047C0000-0x00000000047EB000-memory.dmp

Filesize
172KB

Download
memory/308-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/532-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/536-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/536-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/556-156-0x0000000004610000-0x000000000463B000-memory.dmp

Filesize
172KB

Download
memory/648-157-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/648-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/688-134-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/688-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/828-191-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/828-136-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/828-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/872-133-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/872-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/872-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1028-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1072-130-0x0000000004570000-0x000000000459B000-memory.dmp

Filesize
172KB

Download
memory/1072-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1072-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1072-182-0x0000000004570000-0x000000000459B000-memory.dmp

Filesize
172KB

Download
memory/1216-139-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1216-89-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1216-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1216-92-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/1244-154-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1244-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1244-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1244-113-0x0000000001F10000-0x0000000001F3B000-memory.dmp

Filesize
172KB

Download
memory/1288-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1288-146-0x0000000004A40000-0x0000000004A6B000-memory.dmp

Filesize
172KB

Download
memory/1288-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1304-90-0x00000000059C0000-0x00000000059EB000-memory.dmp

Filesize
172KB

Download
memory/1304-64-0x00000000059C0000-0x00000000059EB000-memory.dmp

Filesize
172KB

Download
memory/1304-137-0x00000000062A0000-0x00000000062CB000-memory.dmp

Filesize
172KB

Download
memory/1304-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1304-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1348-159-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1388-183-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1388-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1388-127-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1636-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1676-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-142-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1748-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1748-155-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/1748-115-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1900-152-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1900-114-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1900-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1940-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1940-148-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2180-121-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/2180-179-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/2180-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2188-125-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2188-103-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2188-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2232-170-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2232-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2236-149-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2236-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2240-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2240-160-0x0000000004BA0000-0x0000000004BCB000-memory.dmp

Filesize
172KB

Download
memory/2340-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2340-122-0x0000000004610000-0x000000000463B000-memory.dmp

Filesize
172KB

Download
memory/2356-153-0x0000000004560000-0x000000000458B000-memory.dmp

Filesize
172KB

Download
memory/2356-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2456-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2456-88-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2456-173-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2456-65-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2504-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2548-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2548-104-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2548-124-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/2548-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2572-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2668-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2700-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2704-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2740-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2788-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2788-128-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2788-186-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2788-184-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2788-95-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2816-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2840-158-0x0000000004900000-0x000000000492B000-memory.dmp

Filesize
172KB

Download
memory/2844-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2884-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2916-144-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2932-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2932-143-0x00000000046A0000-0x00000000046CB000-memory.dmp

Filesize
172KB

Download
memory/3580-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3588-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download