2764ec18ad6d5fe9dbfb2e00bc8d7c0fd335d0d6188a4b090195c8c50e202e79

Analysis

max time kernel
23s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/08/2024, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4948596f36fe7e77bdf03cd4c1285190N.exe
Size

1.4MB
MD5

4948596f36fe7e77bdf03cd4c1285190
SHA1

5bd75198679a43683ce7cff3b905866ac0b84edc
SHA256

2764ec18ad6d5fe9dbfb2e00bc8d7c0fd335d0d6188a4b090195c8c50e202e79
SHA512

83a06811c2dbd67ccddc83f2736d0a698ed1813c01cf5b65af5dbb104391429f3e22e91b4ba1a1a01c7d9814f65044b9d1789312ac44845f74eee701a2b22d0d
SSDEEP

24576:oWtj7OmiAJgxtC8jyC8svKrFiFObZjZXZlxrb/5UCv83DBT9cyrnSA/1/xN:V8mDetC8jWGE9BHxrb/5Uc83Dx9bxN

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4948596f36fe7e77bdf03cd4c1285190N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\Q:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\U:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\E:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\I:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\J:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\K:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\T:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\Y:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\M:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\P:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\S:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\W:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\V:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\A:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\B:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\G:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\H:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\N:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\O:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\R:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\X:	4948596f36fe7e77bdf03cd4c1285190N.exe
File opened (read-only)	\??\Z:	4948596f36fe7e77bdf03cd4c1285190N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\chinese blowjob handjob hot (!) (Ashley).rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish xxx beast [bangbus] .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish cum full movie sm (Karin).mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\SysWOW64\IME\shared\lingerie several models hole .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american handjob cumshot catfight (Liz).mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian fucking big .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\SysWOW64\IME\shared\gang bang hardcore masturbation (Sonja,Ashley).avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\african xxx action licking wifey (Sonja).zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\kicking handjob licking ejaculation .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\african nude catfight .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\blowjob girls .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\beast fucking uncut (Jenna).zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse handjob uncut traffic .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gang bang full movie (Sonja).avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\american hardcore uncut cock .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files\DVD Maker\Shared\japanese cum sperm voyeur cock (Sarah,Sonja).rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lesbian sleeping titts circumcision (Curtney).mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\asian beastiality sleeping .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\hardcore catfight glans leather (Britney,Karin).mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files\Windows Journal\Templates\german horse hardcore catfight feet sm (Sonja).mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\spanish trambling several models bedroom (Kathrin).mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Google\Temp\action animal sleeping ash (Liz,Curtney).avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\chinese fetish fetish [bangbus] .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob girls .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\sperm hidden castration .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\black fucking [bangbus] bondage .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\british fetish xxx [milf] 50+ (Karin,Liz).rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\black fetish hidden gorgeoushorny .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\american porn fucking catfight feet ejaculation .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\canadian cumshot blowjob catfight black hairunshaved .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\italian porn gang bang big feet boots .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\mssrv.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\gay masturbation cock (Karin).rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\norwegian nude cumshot licking feet .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\cumshot bukkake masturbation cock 50+ .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\malaysia nude cumshot masturbation boobs .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\Downloaded Program Files\nude hidden girly (Kathrin).mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\swedish horse sleeping .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\italian gay hot (!) ìï .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\chinese beastiality action hot (!) circumcision .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\japanese lesbian beastiality uncut vagina (Sandy,Britney).rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\tyrkish trambling [free] .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\black fucking blowjob licking 40+ .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\tyrkish hardcore [free] lady (Jade,Liz).avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\lingerie horse voyeur wifey (Kathrin).zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\asian beast several models boobs pregnant .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\japanese handjob catfight hole sm .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\canadian beast lesbian [milf] young .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\french beast beast masturbation .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\porn handjob hot (!) glans fishy .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\japanese gay full movie shoes .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\norwegian gang bang bukkake public beautyfull .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\chinese beastiality animal hot (!) (Jade,Sonja).avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\norwegian porn horse [milf] redhair .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\horse gay public glans circumcision (Jenna,Jade).zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british cum porn public sm .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\malaysia lesbian licking beautyfull .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\african bukkake xxx hidden .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\fetish blowjob hot (!) swallow .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\beast sperm hidden .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese gay bukkake uncut glans 50+ (Anniston).zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\swedish sperm sleeping cock young (Liz,Britney).mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\brasilian nude gay [milf] hole sweet .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\asian cum girls blondie (Anniston).zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\bukkake hardcore uncut balls .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\blowjob porn hidden (Liz,Samantha).avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\canadian beast trambling big stockings .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\tmp\swedish action fucking [milf] .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\animal several models latex .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\black porn horse [milf] ejaculation .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\brasilian hardcore girls ash (Tatjana).mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\lingerie licking feet ash .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\handjob trambling catfight .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\german nude public cock ash .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\italian kicking hardcore girls (Janette).mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\american horse handjob [bangbus] .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\PLA\Templates\lingerie handjob [milf] sweet .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\italian cumshot gay [free] wifey .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\bukkake girls beautyfull .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\bukkake [bangbus] .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\japanese bukkake voyeur gorgeoushorny .zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\cumshot sleeping .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\tyrkish action full movie .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\brasilian xxx big penetration .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish horse several models ejaculation .avi.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\lingerie uncut bedroom .rar.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\gang bang cumshot [bangbus] vagina (Melissa,Britney).zip.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\malaysia handjob cumshot sleeping .mpg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\german gay [free] cock .mpeg.exe	4948596f36fe7e77bdf03cd4c1285190N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4948596f36fe7e77bdf03cd4c1285190N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2276	4948596f36fe7e77bdf03cd4c1285190N.exe
2208	4948596f36fe7e77bdf03cd4c1285190N.exe
2276	4948596f36fe7e77bdf03cd4c1285190N.exe
2628	4948596f36fe7e77bdf03cd4c1285190N.exe
1700	4948596f36fe7e77bdf03cd4c1285190N.exe
2208	4948596f36fe7e77bdf03cd4c1285190N.exe
2276	4948596f36fe7e77bdf03cd4c1285190N.exe
1312	4948596f36fe7e77bdf03cd4c1285190N.exe
2628	4948596f36fe7e77bdf03cd4c1285190N.exe
2056	4948596f36fe7e77bdf03cd4c1285190N.exe
916	4948596f36fe7e77bdf03cd4c1285190N.exe
1484	4948596f36fe7e77bdf03cd4c1285190N.exe
2208	4948596f36fe7e77bdf03cd4c1285190N.exe
1700	4948596f36fe7e77bdf03cd4c1285190N.exe
2276	4948596f36fe7e77bdf03cd4c1285190N.exe
2720	4948596f36fe7e77bdf03cd4c1285190N.exe
1716	4948596f36fe7e77bdf03cd4c1285190N.exe
1312	4948596f36fe7e77bdf03cd4c1285190N.exe
608	4948596f36fe7e77bdf03cd4c1285190N.exe
604	4948596f36fe7e77bdf03cd4c1285190N.exe
2628	4948596f36fe7e77bdf03cd4c1285190N.exe
2964	4948596f36fe7e77bdf03cd4c1285190N.exe
2056	4948596f36fe7e77bdf03cd4c1285190N.exe
2764	4948596f36fe7e77bdf03cd4c1285190N.exe
1880	4948596f36fe7e77bdf03cd4c1285190N.exe
2208	4948596f36fe7e77bdf03cd4c1285190N.exe
2260	4948596f36fe7e77bdf03cd4c1285190N.exe
1484	4948596f36fe7e77bdf03cd4c1285190N.exe
916	4948596f36fe7e77bdf03cd4c1285190N.exe
2276	4948596f36fe7e77bdf03cd4c1285190N.exe
1700	4948596f36fe7e77bdf03cd4c1285190N.exe
2232	4948596f36fe7e77bdf03cd4c1285190N.exe
2392	4948596f36fe7e77bdf03cd4c1285190N.exe
1096	4948596f36fe7e77bdf03cd4c1285190N.exe
2720	4948596f36fe7e77bdf03cd4c1285190N.exe
1784	4948596f36fe7e77bdf03cd4c1285190N.exe
1804	4948596f36fe7e77bdf03cd4c1285190N.exe
2004	4948596f36fe7e77bdf03cd4c1285190N.exe
1716	4948596f36fe7e77bdf03cd4c1285190N.exe
1312	4948596f36fe7e77bdf03cd4c1285190N.exe
608	4948596f36fe7e77bdf03cd4c1285190N.exe
620	4948596f36fe7e77bdf03cd4c1285190N.exe
604	4948596f36fe7e77bdf03cd4c1285190N.exe
2628	4948596f36fe7e77bdf03cd4c1285190N.exe
1100	4948596f36fe7e77bdf03cd4c1285190N.exe
908	4948596f36fe7e77bdf03cd4c1285190N.exe
2056	4948596f36fe7e77bdf03cd4c1285190N.exe
2508	4948596f36fe7e77bdf03cd4c1285190N.exe
1976	4948596f36fe7e77bdf03cd4c1285190N.exe
1880	4948596f36fe7e77bdf03cd4c1285190N.exe
2964	4948596f36fe7e77bdf03cd4c1285190N.exe
2764	4948596f36fe7e77bdf03cd4c1285190N.exe
916	4948596f36fe7e77bdf03cd4c1285190N.exe
916	4948596f36fe7e77bdf03cd4c1285190N.exe
1484	4948596f36fe7e77bdf03cd4c1285190N.exe
1484	4948596f36fe7e77bdf03cd4c1285190N.exe
552	4948596f36fe7e77bdf03cd4c1285190N.exe
552	4948596f36fe7e77bdf03cd4c1285190N.exe
920	4948596f36fe7e77bdf03cd4c1285190N.exe
920	4948596f36fe7e77bdf03cd4c1285190N.exe
2448	4948596f36fe7e77bdf03cd4c1285190N.exe
2448	4948596f36fe7e77bdf03cd4c1285190N.exe
996	4948596f36fe7e77bdf03cd4c1285190N.exe
996	4948596f36fe7e77bdf03cd4c1285190N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2208	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	30
PID 2276 wrote to memory of 2208	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	30
PID 2276 wrote to memory of 2208	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	30
PID 2276 wrote to memory of 2208	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	30
PID 2208 wrote to memory of 2628	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	31
PID 2208 wrote to memory of 2628	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	31
PID 2208 wrote to memory of 2628	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	31
PID 2208 wrote to memory of 2628	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	31
PID 2276 wrote to memory of 1700	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	32
PID 2276 wrote to memory of 1700	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	32
PID 2276 wrote to memory of 1700	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	32
PID 2276 wrote to memory of 1700	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	32
PID 2628 wrote to memory of 1312	2628	4948596f36fe7e77bdf03cd4c1285190N.exe	33
PID 2628 wrote to memory of 1312	2628	4948596f36fe7e77bdf03cd4c1285190N.exe	33
PID 2628 wrote to memory of 1312	2628	4948596f36fe7e77bdf03cd4c1285190N.exe	33
PID 2628 wrote to memory of 1312	2628	4948596f36fe7e77bdf03cd4c1285190N.exe	33
PID 2208 wrote to memory of 2056	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	34
PID 2208 wrote to memory of 2056	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	34
PID 2208 wrote to memory of 2056	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	34
PID 2208 wrote to memory of 2056	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	34
PID 1700 wrote to memory of 916	1700	4948596f36fe7e77bdf03cd4c1285190N.exe	35
PID 1700 wrote to memory of 916	1700	4948596f36fe7e77bdf03cd4c1285190N.exe	35
PID 1700 wrote to memory of 916	1700	4948596f36fe7e77bdf03cd4c1285190N.exe	35
PID 1700 wrote to memory of 916	1700	4948596f36fe7e77bdf03cd4c1285190N.exe	35
PID 2276 wrote to memory of 1484	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	36
PID 2276 wrote to memory of 1484	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	36
PID 2276 wrote to memory of 1484	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	36
PID 2276 wrote to memory of 1484	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	36
PID 1312 wrote to memory of 2720	1312	4948596f36fe7e77bdf03cd4c1285190N.exe	37
PID 1312 wrote to memory of 2720	1312	4948596f36fe7e77bdf03cd4c1285190N.exe	37
PID 1312 wrote to memory of 2720	1312	4948596f36fe7e77bdf03cd4c1285190N.exe	37
PID 1312 wrote to memory of 2720	1312	4948596f36fe7e77bdf03cd4c1285190N.exe	37
PID 2628 wrote to memory of 1716	2628	4948596f36fe7e77bdf03cd4c1285190N.exe	38
PID 2628 wrote to memory of 1716	2628	4948596f36fe7e77bdf03cd4c1285190N.exe	38
PID 2628 wrote to memory of 1716	2628	4948596f36fe7e77bdf03cd4c1285190N.exe	38
PID 2628 wrote to memory of 1716	2628	4948596f36fe7e77bdf03cd4c1285190N.exe	38
PID 2056 wrote to memory of 608	2056	4948596f36fe7e77bdf03cd4c1285190N.exe	39
PID 2056 wrote to memory of 608	2056	4948596f36fe7e77bdf03cd4c1285190N.exe	39
PID 2056 wrote to memory of 608	2056	4948596f36fe7e77bdf03cd4c1285190N.exe	39
PID 2056 wrote to memory of 608	2056	4948596f36fe7e77bdf03cd4c1285190N.exe	39
PID 916 wrote to memory of 604	916	4948596f36fe7e77bdf03cd4c1285190N.exe	40
PID 916 wrote to memory of 604	916	4948596f36fe7e77bdf03cd4c1285190N.exe	40
PID 916 wrote to memory of 604	916	4948596f36fe7e77bdf03cd4c1285190N.exe	40
PID 916 wrote to memory of 604	916	4948596f36fe7e77bdf03cd4c1285190N.exe	40
PID 2208 wrote to memory of 2764	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	41
PID 2208 wrote to memory of 2764	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	41
PID 2208 wrote to memory of 2764	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	41
PID 2208 wrote to memory of 2764	2208	4948596f36fe7e77bdf03cd4c1285190N.exe	41
PID 1484 wrote to memory of 2964	1484	4948596f36fe7e77bdf03cd4c1285190N.exe	42
PID 1484 wrote to memory of 2964	1484	4948596f36fe7e77bdf03cd4c1285190N.exe	42
PID 1484 wrote to memory of 2964	1484	4948596f36fe7e77bdf03cd4c1285190N.exe	42
PID 1484 wrote to memory of 2964	1484	4948596f36fe7e77bdf03cd4c1285190N.exe	42
PID 1700 wrote to memory of 1880	1700	4948596f36fe7e77bdf03cd4c1285190N.exe	43
PID 1700 wrote to memory of 1880	1700	4948596f36fe7e77bdf03cd4c1285190N.exe	43
PID 1700 wrote to memory of 1880	1700	4948596f36fe7e77bdf03cd4c1285190N.exe	43
PID 1700 wrote to memory of 1880	1700	4948596f36fe7e77bdf03cd4c1285190N.exe	43
PID 2276 wrote to memory of 2260	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	44
PID 2276 wrote to memory of 2260	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	44
PID 2276 wrote to memory of 2260	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	44
PID 2276 wrote to memory of 2260	2276	4948596f36fe7e77bdf03cd4c1285190N.exe	44
PID 2720 wrote to memory of 2232	2720	4948596f36fe7e77bdf03cd4c1285190N.exe	45
PID 2720 wrote to memory of 2232	2720	4948596f36fe7e77bdf03cd4c1285190N.exe	45
PID 2720 wrote to memory of 2232	2720	4948596f36fe7e77bdf03cd4c1285190N.exe	45
PID 2720 wrote to memory of 2232	2720	4948596f36fe7e77bdf03cd4c1285190N.exe	45

C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
"C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        10⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        10⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        10⤵
        
        PID:26196
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:20676
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:25068
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:24876
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:21516
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:24868
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:21008
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:25668
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:20820
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20584
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:21072
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:20888
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:25652
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:17848
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:17836
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:26180
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:21024
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:20828
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20720
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20788
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20516
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:25140
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:25720
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:25108
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17828
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20600
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:24900
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:20712
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:20872
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:21064
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:24892
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20496
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:21048
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:24948
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20476
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20916
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:24800
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:25696
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20836
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20904
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:20568
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20844
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20648
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20508
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20696
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20864
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17900
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:25116
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:21080
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20468
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:24940
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20688
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:15312
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:20576
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:20796
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:25124
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:20740
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:26188
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20616
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:25156
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:26212
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:21144
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:25164
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20592
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20780
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20552
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:18044
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:22208
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:620
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20488
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20752
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17660
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:21400
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:21432
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17596
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:24280
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:156
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:25688
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:25148
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:22768
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20896
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:21056
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:8792
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:25644
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:25852
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20964
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20668
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20880
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:18020
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:22092
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:15004
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:24836
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:24860
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20704
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:25084
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:17776
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:25100
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:11288
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:22748
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:17124
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:6632
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:10492
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:17940
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        9⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        8⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20988
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:20624
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:24844
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:22512
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:24852
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:17892
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17956
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:21040
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:21088
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20996
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:852
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:25076
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20972
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20536
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17816
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20608
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:24996
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:17612
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20852
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:24988
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:25132
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:18056
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:24956
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:8844
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:20760
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20812
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20452
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:21912
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:20952
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:25708
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:10644
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:20768
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:20980
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:17948
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:10500
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:17924
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1484
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        7⤵
        
        PID:25680
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:21032
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:24808
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:26204
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:20656
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17548
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:24884
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20460
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:19944
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:17996
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:21016
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20732
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:20940
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20632
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:20524
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:7312
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:316
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:12884
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:18236
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:9392
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:17332
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:25240
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        6⤵
        
        PID:25636
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:25092
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:18012
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:25628
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:11628
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:17856
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:21480
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:6712
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:10196
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:15320
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:18004
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
        5⤵
        
        PID:20544
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:20560
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:12728
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:25660
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:6720
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:10064
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:20804
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  PID:2068
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
      "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
      4⤵
      PID:25620
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:7096
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:11140
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:17276
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:24932
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4412
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:7660
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:10128
- - C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
    "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
    3⤵
    PID:20640
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  PID:6680
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  PID:10328
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  PID:17584
- C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe
  "C:\Users\Admin\AppData\Local\Temp\4948596f36fe7e77bdf03cd4c1285190N.exe"
  2⤵
  PID:25832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\chinese fetish fetish [bangbus] .avi.exe

Filesize
1.1MB

MD5
9d69d997ff420895225e618116ac3b5d

SHA1
deea6fa9629cefff3e94ef13f3b29792a8a94aa6

SHA256
777f238fa2119f4bcc505137f404d10155dd85a05a9809e034656f83a8bc0625

SHA512
24d9c86b6bd2bef904f40b0e05f90901fbab293429e939034366d47e28ac54dfd57f100ded5f612e1bef1d3f0096bc130b22f6043a1da8a32831d69ca2b5a883

Download Submit
C:\debug.txt

Filesize
183B

MD5
71ffc3ce52d8d0431acaf90c64a6613d

SHA1
2d79b0a9529a0036391e3ecdd6b9478f7fa15a75

SHA256
f34daa7728e0d26242c15a5c8fbc4a657a932cea3ed405591e8ecfa169a56ffe

SHA512
0567c9aa1ef721a83ea8d115a39f9dfdcf276c1a5a0a6d8005b407ee724995b2170fe81e8011fcf6a687f9ad2e1d3d43c87bb9fa081d0b9d784097432adce1a8

Download Submit