dbd5dbf43f051e764f98624eb203ae675924eecbd1461adfe38f913afdfc5db1

Analysis

max time kernel
15s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/08/2024, 03:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4480b92adee565da9869ab220773f5b0N.exe
Size

745KB
MD5

4480b92adee565da9869ab220773f5b0
SHA1

86485d7a3d170cda9f166d2947127140ca2ab417
SHA256

dbd5dbf43f051e764f98624eb203ae675924eecbd1461adfe38f913afdfc5db1
SHA512

8b012b715390906aa87b044af99639f716bec42c69065315d76536b15521fd66daa2283e62ec9e03524a61d9e1a5ffa3056b44f8329848f2f71ba3566173c9a9
SSDEEP

12288:bPKL8qrRHroclNT9OdeHL7fR3RRcc3A7Aodmyc2px83LwKWqF2kJC5x:bSL3LoMHOdO7fRcX7MN2nlHqFrJkx

Score

7^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x0007000000017131-5.dat	upx
behavioral1/memory/2748-56-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2792-89-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1856-90-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3028-91-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2028-92-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3004-96-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1080-100-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/340-102-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1612-103-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3004-104-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1804-111-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/876-110-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3060-112-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2056-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1612-115-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1768-116-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2996-118-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/876-117-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2752-120-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3060-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2416-121-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2056-122-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1656-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2556-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1656-125-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3344-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3852-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3920-130-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3948-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3820-133-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4048-134-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4060-135-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4084-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4076-138-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3920-137-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3964-141-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3380-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4048-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4060-145-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4084-147-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4164-148-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1472-149-0x0000000004F20000-0x0000000004F3D000-memory.dmp	upx
behavioral1/memory/4300-152-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4292-151-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3380-155-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1080-161-0x0000000005060000-0x000000000507D000-memory.dmp	upx
behavioral1/memory/4444-164-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4212-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4164-162-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1472-166-0x0000000004F20000-0x0000000004F3D000-memory.dmp	upx
behavioral1/memory/4612-178-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1080-179-0x0000000005060000-0x000000000507D000-memory.dmp	upx
behavioral1/memory/4516-189-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4716-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4500-184-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4492-183-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4668-182-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4452-181-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4444-180-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4592-177-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4516-174-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4340-171-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4480b92adee565da9869ab220773f5b0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\H:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\O:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\P:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\V:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\K:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\N:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\S:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\Z:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\A:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\B:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\G:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\I:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\X:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\L:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\M:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\U:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\W:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\T:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\E:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\J:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\Q:	4480b92adee565da9869ab220773f5b0N.exe
File opened (read-only)	\??\R:	4480b92adee565da9869ab220773f5b0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian hot (!) mistress (Kathrin,Karin).zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish sperm hidden fishy .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\IME\shared\italian action hardcore sleeping .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian handjob sperm masturbation feet shower .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking big penetration .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish fetish horse sleeping glans (Jenna,Sylvia).zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\System32\DriverStore\Temp\xxx uncut (Janette).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american kicking xxx girls titts ejaculation (Sarah).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish porn xxx voyeur feet black hairunshaved .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\SysWOW64\IME\shared\danish fetish trambling licking (Liz).avi.exe	4480b92adee565da9869ab220773f5b0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\japanese cumshot lingerie hidden titts .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american nude blowjob [free] high heels .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\trambling sleeping (Janette).rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Google\Temp\tyrkish horse sperm [bangbus] cock femdom .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\lingerie catfight ash .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\lingerie licking (Sarah).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian handjob hardcore uncut cock .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\black nude horse voyeur titts lady .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\DVD Maker\Shared\brasilian horse gay [milf] feet .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian cum fucking hot (!) .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files\Windows Journal\Templates\american porn horse girls cock .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\swedish horse trambling voyeur feet swallow .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian animal bukkake uncut hole .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\beast licking stockings .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish porn blowjob lesbian hole circumcision (Samantha).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish animal trambling hot (!) traffic (Kathrin,Karin).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\gay [free] 40+ .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\japanese fetish lesbian full movie girly (Anniston,Melissa).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\InstallTemp\american horse xxx full movie .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\mssrv.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\swedish fetish sperm voyeur titts girly .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lesbian uncut black hairunshaved .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american horse blowjob public wifey .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\chinese lesbian hidden granny .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\horse lingerie catfight .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\black nude gay [bangbus] granny .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\chinese lingerie catfight penetration .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\blowjob masturbation feet YEâPSè& (Liz).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\blowjob [free] titts .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\brasilian beastiality lingerie big (Liz).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\cumshot hardcore masturbation femdom .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\tmp\italian cumshot fucking licking .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\PLA\Templates\japanese action sperm public hole sm .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\russian animal bukkake big .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\kicking sperm [free] pregnant .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\gay [bangbus] swallow .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\lingerie licking hole traffic .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\malaysia blowjob voyeur hole (Ashley,Jade).zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\italian gang bang hardcore licking feet .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\nude horse public (Sarah).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian handjob fucking hot (!) feet swallow (Sarah).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\tyrkish beastiality xxx sleeping titts upskirt (Jade).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\black gang bang lesbian uncut .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\african horse masturbation titts hotel .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\malaysia lesbian hidden YEâPSè& .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\black handjob sperm sleeping shower .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\british blowjob big titts .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\trambling lesbian gorgeoushorny .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\black handjob gay voyeur (Sylvia).rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx catfight YEâPSè& .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\russian gang bang beast big bedroom .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\italian handjob bukkake catfight titts .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\french lingerie sleeping 40+ .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\chinese horse [bangbus] (Jade).mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\blowjob licking bondage (Kathrin,Sylvia).zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\black handjob fucking full movie blondie .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\Downloaded Program Files\american handjob fucking [free] .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\german gay hot (!) .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\spanish trambling public glans .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\american porn horse [free] feet pregnant (Tatjana).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\sperm sleeping (Tatjana).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\danish handjob xxx full movie beautyfull .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\lingerie full movie 50+ .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\brasilian handjob beast full movie feet .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\temp\cumshot horse voyeur feet boots .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\tyrkish gang bang lesbian catfight feet redhair (Karin).mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\security\templates\swedish handjob gay uncut glans wifey (Janette).zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\swedish horse lingerie hidden mature .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\black cumshot blowjob [bangbus] (Janette).avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\horse trambling [bangbus] cock 40+ .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\bukkake voyeur feet .avi.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling full movie titts .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\porn horse several models ìï .mpg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\swedish nude gay big cock .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\nude lesbian public hole gorgeoushorny .rar.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\cumshot lingerie girls .zip.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\nude gay lesbian .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\american handjob horse hot (!) .mpeg.exe	4480b92adee565da9869ab220773f5b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay voyeur .zip.exe	4480b92adee565da9869ab220773f5b0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 44 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4480b92adee565da9869ab220773f5b0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3028	4480b92adee565da9869ab220773f5b0N.exe
2748	4480b92adee565da9869ab220773f5b0N.exe
3028	4480b92adee565da9869ab220773f5b0N.exe
2792	4480b92adee565da9869ab220773f5b0N.exe
2216	4480b92adee565da9869ab220773f5b0N.exe
2748	4480b92adee565da9869ab220773f5b0N.exe
3028	4480b92adee565da9869ab220773f5b0N.exe
1480	4480b92adee565da9869ab220773f5b0N.exe
1264	4480b92adee565da9869ab220773f5b0N.exe
1984	4480b92adee565da9869ab220773f5b0N.exe
2792	4480b92adee565da9869ab220773f5b0N.exe
1856	4480b92adee565da9869ab220773f5b0N.exe
2216	4480b92adee565da9869ab220773f5b0N.exe
2748	4480b92adee565da9869ab220773f5b0N.exe
3028	4480b92adee565da9869ab220773f5b0N.exe
1708	4480b92adee565da9869ab220773f5b0N.exe
900	4480b92adee565da9869ab220773f5b0N.exe
1480	4480b92adee565da9869ab220773f5b0N.exe
2872	4480b92adee565da9869ab220773f5b0N.exe
2028	4480b92adee565da9869ab220773f5b0N.exe
1984	4480b92adee565da9869ab220773f5b0N.exe
1264	4480b92adee565da9869ab220773f5b0N.exe
1472	4480b92adee565da9869ab220773f5b0N.exe
2920	4480b92adee565da9869ab220773f5b0N.exe
848	4480b92adee565da9869ab220773f5b0N.exe
2792	4480b92adee565da9869ab220773f5b0N.exe
2076	4480b92adee565da9869ab220773f5b0N.exe
1856	4480b92adee565da9869ab220773f5b0N.exe
2216	4480b92adee565da9869ab220773f5b0N.exe
2748	4480b92adee565da9869ab220773f5b0N.exe
3028	4480b92adee565da9869ab220773f5b0N.exe
1956	4480b92adee565da9869ab220773f5b0N.exe
1276	4480b92adee565da9869ab220773f5b0N.exe
900	4480b92adee565da9869ab220773f5b0N.exe
316	4480b92adee565da9869ab220773f5b0N.exe
1708	4480b92adee565da9869ab220773f5b0N.exe
3004	4480b92adee565da9869ab220773f5b0N.exe
3016	4480b92adee565da9869ab220773f5b0N.exe
1480	4480b92adee565da9869ab220773f5b0N.exe
1264	4480b92adee565da9869ab220773f5b0N.exe
1600	4480b92adee565da9869ab220773f5b0N.exe
1080	4480b92adee565da9869ab220773f5b0N.exe
1984	4480b92adee565da9869ab220773f5b0N.exe
1864	4480b92adee565da9869ab220773f5b0N.exe
2872	4480b92adee565da9869ab220773f5b0N.exe
1856	4480b92adee565da9869ab220773f5b0N.exe
2792	4480b92adee565da9869ab220773f5b0N.exe
2028	4480b92adee565da9869ab220773f5b0N.exe
1044	4480b92adee565da9869ab220773f5b0N.exe
1472	4480b92adee565da9869ab220773f5b0N.exe
2216	4480b92adee565da9869ab220773f5b0N.exe
2456	4480b92adee565da9869ab220773f5b0N.exe
2748	4480b92adee565da9869ab220773f5b0N.exe
1732	4480b92adee565da9869ab220773f5b0N.exe
340	4480b92adee565da9869ab220773f5b0N.exe
1336	4480b92adee565da9869ab220773f5b0N.exe
1336	4480b92adee565da9869ab220773f5b0N.exe
1612	4480b92adee565da9869ab220773f5b0N.exe
1612	4480b92adee565da9869ab220773f5b0N.exe
2164	4480b92adee565da9869ab220773f5b0N.exe
2164	4480b92adee565da9869ab220773f5b0N.exe
1484	4480b92adee565da9869ab220773f5b0N.exe
1484	4480b92adee565da9869ab220773f5b0N.exe
3028	4480b92adee565da9869ab220773f5b0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2748	3028	4480b92adee565da9869ab220773f5b0N.exe	30
PID 3028 wrote to memory of 2748	3028	4480b92adee565da9869ab220773f5b0N.exe	30
PID 3028 wrote to memory of 2748	3028	4480b92adee565da9869ab220773f5b0N.exe	30
PID 3028 wrote to memory of 2748	3028	4480b92adee565da9869ab220773f5b0N.exe	30
PID 2748 wrote to memory of 2792	2748	4480b92adee565da9869ab220773f5b0N.exe	31
PID 2748 wrote to memory of 2792	2748	4480b92adee565da9869ab220773f5b0N.exe	31
PID 2748 wrote to memory of 2792	2748	4480b92adee565da9869ab220773f5b0N.exe	31
PID 2748 wrote to memory of 2792	2748	4480b92adee565da9869ab220773f5b0N.exe	31
PID 3028 wrote to memory of 2216	3028	4480b92adee565da9869ab220773f5b0N.exe	32
PID 3028 wrote to memory of 2216	3028	4480b92adee565da9869ab220773f5b0N.exe	32
PID 3028 wrote to memory of 2216	3028	4480b92adee565da9869ab220773f5b0N.exe	32
PID 3028 wrote to memory of 2216	3028	4480b92adee565da9869ab220773f5b0N.exe	32
PID 2792 wrote to memory of 1480	2792	4480b92adee565da9869ab220773f5b0N.exe	34
PID 2792 wrote to memory of 1480	2792	4480b92adee565da9869ab220773f5b0N.exe	34
PID 2792 wrote to memory of 1480	2792	4480b92adee565da9869ab220773f5b0N.exe	34
PID 2792 wrote to memory of 1480	2792	4480b92adee565da9869ab220773f5b0N.exe	34
PID 2216 wrote to memory of 1264	2216	4480b92adee565da9869ab220773f5b0N.exe	35
PID 2216 wrote to memory of 1264	2216	4480b92adee565da9869ab220773f5b0N.exe	35
PID 2216 wrote to memory of 1264	2216	4480b92adee565da9869ab220773f5b0N.exe	35
PID 2216 wrote to memory of 1264	2216	4480b92adee565da9869ab220773f5b0N.exe	35
PID 2748 wrote to memory of 1984	2748	4480b92adee565da9869ab220773f5b0N.exe	36
PID 2748 wrote to memory of 1984	2748	4480b92adee565da9869ab220773f5b0N.exe	36
PID 2748 wrote to memory of 1984	2748	4480b92adee565da9869ab220773f5b0N.exe	36
PID 2748 wrote to memory of 1984	2748	4480b92adee565da9869ab220773f5b0N.exe	36
PID 3028 wrote to memory of 1856	3028	4480b92adee565da9869ab220773f5b0N.exe	37
PID 3028 wrote to memory of 1856	3028	4480b92adee565da9869ab220773f5b0N.exe	37
PID 3028 wrote to memory of 1856	3028	4480b92adee565da9869ab220773f5b0N.exe	37
PID 3028 wrote to memory of 1856	3028	4480b92adee565da9869ab220773f5b0N.exe	37
PID 1480 wrote to memory of 1708	1480	4480b92adee565da9869ab220773f5b0N.exe	38
PID 1480 wrote to memory of 1708	1480	4480b92adee565da9869ab220773f5b0N.exe	38
PID 1480 wrote to memory of 1708	1480	4480b92adee565da9869ab220773f5b0N.exe	38
PID 1480 wrote to memory of 1708	1480	4480b92adee565da9869ab220773f5b0N.exe	38
PID 1264 wrote to memory of 2872	1264	4480b92adee565da9869ab220773f5b0N.exe	40
PID 1264 wrote to memory of 2872	1264	4480b92adee565da9869ab220773f5b0N.exe	40
PID 1264 wrote to memory of 2872	1264	4480b92adee565da9869ab220773f5b0N.exe	40
PID 1264 wrote to memory of 2872	1264	4480b92adee565da9869ab220773f5b0N.exe	40
PID 1984 wrote to memory of 900	1984	4480b92adee565da9869ab220773f5b0N.exe	39
PID 1984 wrote to memory of 900	1984	4480b92adee565da9869ab220773f5b0N.exe	39
PID 1984 wrote to memory of 900	1984	4480b92adee565da9869ab220773f5b0N.exe	39
PID 1984 wrote to memory of 900	1984	4480b92adee565da9869ab220773f5b0N.exe	39
PID 2792 wrote to memory of 2920	2792	4480b92adee565da9869ab220773f5b0N.exe	41
PID 2792 wrote to memory of 2920	2792	4480b92adee565da9869ab220773f5b0N.exe	41
PID 2792 wrote to memory of 2920	2792	4480b92adee565da9869ab220773f5b0N.exe	41
PID 2792 wrote to memory of 2920	2792	4480b92adee565da9869ab220773f5b0N.exe	41
PID 1856 wrote to memory of 2028	1856	4480b92adee565da9869ab220773f5b0N.exe	42
PID 1856 wrote to memory of 2028	1856	4480b92adee565da9869ab220773f5b0N.exe	42
PID 1856 wrote to memory of 2028	1856	4480b92adee565da9869ab220773f5b0N.exe	42
PID 1856 wrote to memory of 2028	1856	4480b92adee565da9869ab220773f5b0N.exe	42
PID 2216 wrote to memory of 848	2216	4480b92adee565da9869ab220773f5b0N.exe	43
PID 2216 wrote to memory of 848	2216	4480b92adee565da9869ab220773f5b0N.exe	43
PID 2216 wrote to memory of 848	2216	4480b92adee565da9869ab220773f5b0N.exe	43
PID 2216 wrote to memory of 848	2216	4480b92adee565da9869ab220773f5b0N.exe	43
PID 2748 wrote to memory of 1472	2748	4480b92adee565da9869ab220773f5b0N.exe	44
PID 2748 wrote to memory of 1472	2748	4480b92adee565da9869ab220773f5b0N.exe	44
PID 2748 wrote to memory of 1472	2748	4480b92adee565da9869ab220773f5b0N.exe	44
PID 2748 wrote to memory of 1472	2748	4480b92adee565da9869ab220773f5b0N.exe	44
PID 3028 wrote to memory of 2076	3028	4480b92adee565da9869ab220773f5b0N.exe	45
PID 3028 wrote to memory of 2076	3028	4480b92adee565da9869ab220773f5b0N.exe	45
PID 3028 wrote to memory of 2076	3028	4480b92adee565da9869ab220773f5b0N.exe	45
PID 3028 wrote to memory of 2076	3028	4480b92adee565da9869ab220773f5b0N.exe	45
PID 1708 wrote to memory of 1956	1708	4480b92adee565da9869ab220773f5b0N.exe	46
PID 1708 wrote to memory of 1956	1708	4480b92adee565da9869ab220773f5b0N.exe	46
PID 1708 wrote to memory of 1956	1708	4480b92adee565da9869ab220773f5b0N.exe	46
PID 1708 wrote to memory of 1956	1708	4480b92adee565da9869ab220773f5b0N.exe	46

C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
"C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        10⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        11⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        10⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16348
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17000
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13956
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14528
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        9⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:22140
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:15328
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13700
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:22740
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:22104
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14116
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:340
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17780
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14692
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:12972
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:15364
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13692
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13756
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:22128
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:16856
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14164
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:12708
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:12780
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:8236
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:15296
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:21884
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:22756
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:22088
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:20912
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:20880
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:17372
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:22888
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:21848
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17364
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13124
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:12644
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:21428
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:16912
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:17356
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14384
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14592
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14408
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13748
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:23220
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:15800
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1856
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        8⤵
        
        PID:22096
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:21108
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        7⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14448
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:15372
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14028
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:16904
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:12676
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:8584
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:14320
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13652
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:12620
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:15288
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13636
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:17016
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13676
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14304
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:10136
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:22080
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:17772
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1336
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:16864
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13764
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:13828
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14576
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:12700
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:14664
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:15992
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:13924
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:4452
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
      4⤵
      PID:16936
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:13844
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:6660
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:14256
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:10232
- - C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
    3⤵
    PID:23252
- C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4480b92adee565da9869ab220773f5b0N.exe"
  2⤵
  PID:17040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\italian cum fucking hot (!) .zip.exe

Filesize
1.9MB

MD5
a2ba17a70c122200e40155298a53d232

SHA1
2ed09023da002c7cfca2849f0488998dc2dea725

SHA256
8f0c82e6fc1fb03c5f54b5e6bea156f81620df99b907f819822af2322146a299

SHA512
d5de67d496be3757382b5f68f8dc1fa3ac7277a7083a09caaae5b4de6e1d04035ffcd92263a1e143f1262a75c4fcac71a3f0df2e00c40a434716476d121d6496

Download Submit
C:\debug.txt

Filesize
183B

MD5
5972a755b1cd0a3ea8f393c63c4ed09a

SHA1
28dd431458fce6629247a86e072f48cbd6448040

SHA256
0a2ee85f03c6105c9750a440657584ccdb87004ee8454facce46bccb2c6cd7dd

SHA512
f3b83d0b165b6e24d9786b6ab59ee9eea0b53685ecfe502d18c35ede560f58bf122fde5f59d48d938be8bedf78dfb2a484a2425c20f94d0b7bf8a39901401973

Download Submit
memory/340-102-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/876-117-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/876-110-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1080-161-0x0000000005060000-0x000000000507D000-memory.dmp

Filesize
116KB

Download
memory/1080-100-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1080-179-0x0000000005060000-0x000000000507D000-memory.dmp

Filesize
116KB

Download
memory/1336-185-0x00000000045E0000-0x00000000045FD000-memory.dmp

Filesize
116KB

Download
memory/1472-149-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/1472-166-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/1472-101-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/1480-113-0x00000000045E0000-0x00000000045FD000-memory.dmp

Filesize
116KB

Download
memory/1612-115-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1612-103-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1612-186-0x0000000005060000-0x000000000507D000-memory.dmp

Filesize
116KB

Download
memory/1656-176-0x0000000001E80000-0x0000000001E9D000-memory.dmp

Filesize
116KB

Download
memory/1656-125-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1656-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1656-159-0x0000000001E80000-0x0000000001E9D000-memory.dmp

Filesize
116KB

Download
memory/1768-116-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1768-131-0x0000000004B90000-0x0000000004BAD000-memory.dmp

Filesize
116KB

Download
memory/1768-140-0x0000000004B90000-0x0000000004BAD000-memory.dmp

Filesize
116KB

Download
memory/1804-111-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1856-107-0x0000000001F20000-0x0000000001F3D000-memory.dmp

Filesize
116KB

Download
memory/1856-90-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1864-175-0x0000000004AB0000-0x0000000004ACD000-memory.dmp

Filesize
116KB

Download
memory/2028-99-0x0000000004AA0000-0x0000000004ABD000-memory.dmp

Filesize
116KB

Download
memory/2028-109-0x0000000004AA0000-0x0000000004ABD000-memory.dmp

Filesize
116KB

Download
memory/2028-157-0x0000000004F30000-0x0000000004F4D000-memory.dmp

Filesize
116KB

Download
memory/2028-92-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2028-143-0x0000000004F30000-0x0000000004F4D000-memory.dmp

Filesize
116KB

Download
memory/2056-122-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2056-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2076-173-0x0000000004630000-0x000000000464D000-memory.dmp

Filesize
116KB

Download
memory/2076-188-0x0000000004630000-0x000000000464D000-memory.dmp

Filesize
116KB

Download
memory/2416-121-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2556-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2656-146-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/2656-160-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/2748-56-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2748-88-0x0000000004AA0000-0x0000000004ABD000-memory.dmp

Filesize
116KB

Download
memory/2752-120-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2792-98-0x0000000004590000-0x00000000045AD000-memory.dmp

Filesize
116KB

Download
memory/2792-108-0x0000000004590000-0x00000000045AD000-memory.dmp

Filesize
116KB

Download
memory/2792-89-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2872-97-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/2872-105-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/2996-118-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3004-136-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/3004-96-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3004-104-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3028-172-0x0000000004A00000-0x0000000004A1D000-memory.dmp

Filesize
116KB

Download
memory/3028-158-0x0000000004A00000-0x0000000004A1D000-memory.dmp

Filesize
116KB

Download
memory/3028-91-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3028-55-0x00000000049F0000-0x0000000004A0D000-memory.dmp

Filesize
116KB

Download
memory/3028-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3028-93-0x0000000004A00000-0x0000000004A1D000-memory.dmp

Filesize
116KB

Download
memory/3060-112-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3060-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3344-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3380-155-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3380-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3820-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3852-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3920-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3920-130-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3948-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3964-141-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4048-134-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4048-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4060-135-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4060-145-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4076-138-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4084-147-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4084-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4164-148-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4164-162-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4212-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4292-151-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4300-167-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4300-152-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4340-171-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4444-164-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4444-180-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4452-165-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4452-181-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4492-168-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4492-183-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4500-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4500-169-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4508-170-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4516-174-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4516-189-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4592-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4612-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4668-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4716-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download