7446cdc9fc183b63c54cc8dfff4d574e6cc4044e803dafc683440cac7ce8d655

Analysis

max time kernel
26s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50a2a6aa57789deee95e72b504dbbeb0N.exe
Size

1.9MB
MD5

50a2a6aa57789deee95e72b504dbbeb0
SHA1

8663dc347ef6743b2b1b1b1642dde5ab8faec143
SHA256

7446cdc9fc183b63c54cc8dfff4d574e6cc4044e803dafc683440cac7ce8d655
SHA512

3e168a44b68a8ad63f7dcf2c274696b54caca8e8695a04db59335e0b7f826d35562f24bdbe758fcfaf9689e7834e30c863fd53a900fb8f724de183661d70e135
SSDEEP

49152:h5BdJKGVVSmSWnHcCE+o4fZoRzDbHnGMoj0Ow1JfzLmTGrg:/HJKsSZWnHcCEh4qmMJ1JfP4G0

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	50a2a6aa57789deee95e72b504dbbeb0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\U:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\B:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\I:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\L:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\M:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\R:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\V:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\W:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\X:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\H:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\Z:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\J:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\K:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\N:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\Y:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\G:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\E:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\O:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\P:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\Q:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\S:	50a2a6aa57789deee95e72b504dbbeb0N.exe
File opened (read-only)	\??\A:	50a2a6aa57789deee95e72b504dbbeb0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian gang bang sperm [bangbus] (Melissa).rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian action bukkake several models ash .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian catfight 50+ .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian handjob blowjob several models .rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french trambling uncut penetration .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\SysWOW64\IME\shared\xxx big glans Ôë .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\french lingerie public .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian beastiality gay masturbation balls .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob [milf] feet wifey (Jade).mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\SysWOW64\IME\shared\russian handjob hardcore several models titts (Sonja,Samantha).avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\swedish beastiality beast uncut glans black hairunshaved .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lesbian hidden feet fishy .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese cumshot sperm hidden .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\trambling hidden titts sweet .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files\Windows Journal\Templates\tyrkish animal bukkake masturbation fishy .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese beastiality gay [free] feet .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish handjob hardcore uncut 40+ .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx big young .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american action lesbian catfight upskirt .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files\DVD Maker\Shared\danish porn beast [bangbus] hole granny .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian action fucking public ash .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\italian animal lingerie catfight feet ash .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black gang bang xxx masturbation feet beautyfull .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\bukkake [milf] latex .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\horse sleeping .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\indian nude sperm [free] feet pregnant .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\indian cum trambling public glans (Christine,Janette).zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\nude gay voyeur .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\asian fucking [bangbus] sweet .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\xxx licking titts circumcision (Karin).rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\malaysia bukkake catfight .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\gang bang gay full movie .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\brasilian porn sperm [milf] stockings .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese porn fucking hidden cock young .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob [bangbus] .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\kicking horse uncut YEâPSè& .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\japanese beastiality xxx [bangbus] .rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\SoftwareDistribution\Download\beast [milf] feet redhair (Karin).avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\lesbian several models swallow .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\asian bukkake [bangbus] shoes .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\fucking licking stockings .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\lingerie uncut 40+ .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\russian gang bang lesbian licking titts ash .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian animal sperm lesbian hole boots .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\japanese beastiality fucking several models .rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\british blowjob big lady .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\asian trambling lesbian .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\german xxx full movie cock .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\horse sleeping .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\african trambling girls high heels .rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\bukkake full movie (Karin).avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\swedish handjob lesbian catfight hairy .rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\blowjob hot (!) pregnant .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\italian gang bang hardcore full movie cock .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\chinese blowjob public feet .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\xxx public 50+ .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\american horse gay [free] feet bondage (Sarah).rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\canadian bukkake sleeping (Tatjana).mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\xxx lesbian cock fishy .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\PLA\Templates\brasilian fetish blowjob hidden (Janette).mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\malaysia gay public bedroom .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\british blowjob big ash (Jenna,Curtney).rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\Temp\black fetish trambling [free] traffic .rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\british xxx uncut high heels .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\african xxx hidden titts ìï (Samantha).rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\indian handjob trambling catfight leather .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian fetish blowjob big titts (Britney,Jade).mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\indian porn xxx big ¼ç .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\cum bukkake [bangbus] feet gorgeoushorny (Samantha).mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\xxx hot (!) .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\InstallTemp\indian cum horse full movie .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\kicking beast sleeping titts shoes (Janette).avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\Downloaded Program Files\russian horse xxx catfight (Tatjana).mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\malaysia beast [bangbus] feet bedroom .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\british xxx licking upskirt .mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\beastiality fucking [bangbus] 40+ .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\beastiality horse uncut wifey .mpeg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\italian porn xxx masturbation titts beautyfull .rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\swedish action fucking public hole sweet (Tatjana).mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\american cum blowjob girls feet mistress (Sarah).mpg.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\brasilian animal lingerie hot (!) cock .avi.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\xxx voyeur glans upskirt .rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\italian cum xxx masturbation glans pregnant (Janette).rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\lingerie voyeur hole .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\japanese gang bang lingerie [free] glans (Gina,Tatjana).rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\british trambling sleeping titts (Sonja,Melissa).zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\sperm big .zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\assembly\tmp\lingerie several models 50+ .rar.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\sperm [bangbus] (Sylvia).zip.exe	50a2a6aa57789deee95e72b504dbbeb0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50a2a6aa57789deee95e72b504dbbeb0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1968	50a2a6aa57789deee95e72b504dbbeb0N.exe
2660	50a2a6aa57789deee95e72b504dbbeb0N.exe
1968	50a2a6aa57789deee95e72b504dbbeb0N.exe
1880	50a2a6aa57789deee95e72b504dbbeb0N.exe
2248	50a2a6aa57789deee95e72b504dbbeb0N.exe
2660	50a2a6aa57789deee95e72b504dbbeb0N.exe
1968	50a2a6aa57789deee95e72b504dbbeb0N.exe
2524	50a2a6aa57789deee95e72b504dbbeb0N.exe
1604	50a2a6aa57789deee95e72b504dbbeb0N.exe
2712	50a2a6aa57789deee95e72b504dbbeb0N.exe
1880	50a2a6aa57789deee95e72b504dbbeb0N.exe
2036	50a2a6aa57789deee95e72b504dbbeb0N.exe
2248	50a2a6aa57789deee95e72b504dbbeb0N.exe
2660	50a2a6aa57789deee95e72b504dbbeb0N.exe
1968	50a2a6aa57789deee95e72b504dbbeb0N.exe
2924	50a2a6aa57789deee95e72b504dbbeb0N.exe
1308	50a2a6aa57789deee95e72b504dbbeb0N.exe
2004	50a2a6aa57789deee95e72b504dbbeb0N.exe
2524	50a2a6aa57789deee95e72b504dbbeb0N.exe
1472	50a2a6aa57789deee95e72b504dbbeb0N.exe
1604	50a2a6aa57789deee95e72b504dbbeb0N.exe
2712	50a2a6aa57789deee95e72b504dbbeb0N.exe
1880	50a2a6aa57789deee95e72b504dbbeb0N.exe
2700	50a2a6aa57789deee95e72b504dbbeb0N.exe
2376	50a2a6aa57789deee95e72b504dbbeb0N.exe
1108	50a2a6aa57789deee95e72b504dbbeb0N.exe
1448	50a2a6aa57789deee95e72b504dbbeb0N.exe
1968	50a2a6aa57789deee95e72b504dbbeb0N.exe
2248	50a2a6aa57789deee95e72b504dbbeb0N.exe
2660	50a2a6aa57789deee95e72b504dbbeb0N.exe
2036	50a2a6aa57789deee95e72b504dbbeb0N.exe
944	50a2a6aa57789deee95e72b504dbbeb0N.exe
2468	50a2a6aa57789deee95e72b504dbbeb0N.exe
2340	50a2a6aa57789deee95e72b504dbbeb0N.exe
2924	50a2a6aa57789deee95e72b504dbbeb0N.exe
1308	50a2a6aa57789deee95e72b504dbbeb0N.exe
2524	50a2a6aa57789deee95e72b504dbbeb0N.exe
1692	50a2a6aa57789deee95e72b504dbbeb0N.exe
1860	50a2a6aa57789deee95e72b504dbbeb0N.exe
2288	50a2a6aa57789deee95e72b504dbbeb0N.exe
344	50a2a6aa57789deee95e72b504dbbeb0N.exe
2712	50a2a6aa57789deee95e72b504dbbeb0N.exe
2004	50a2a6aa57789deee95e72b504dbbeb0N.exe
1604	50a2a6aa57789deee95e72b504dbbeb0N.exe
1880	50a2a6aa57789deee95e72b504dbbeb0N.exe
1880	50a2a6aa57789deee95e72b504dbbeb0N.exe
440	50a2a6aa57789deee95e72b504dbbeb0N.exe
440	50a2a6aa57789deee95e72b504dbbeb0N.exe
832	50a2a6aa57789deee95e72b504dbbeb0N.exe
832	50a2a6aa57789deee95e72b504dbbeb0N.exe
1968	50a2a6aa57789deee95e72b504dbbeb0N.exe
1968	50a2a6aa57789deee95e72b504dbbeb0N.exe
1744	50a2a6aa57789deee95e72b504dbbeb0N.exe
1744	50a2a6aa57789deee95e72b504dbbeb0N.exe
2700	50a2a6aa57789deee95e72b504dbbeb0N.exe
2700	50a2a6aa57789deee95e72b504dbbeb0N.exe
2256	50a2a6aa57789deee95e72b504dbbeb0N.exe
2256	50a2a6aa57789deee95e72b504dbbeb0N.exe
1784	50a2a6aa57789deee95e72b504dbbeb0N.exe
1784	50a2a6aa57789deee95e72b504dbbeb0N.exe
3056	50a2a6aa57789deee95e72b504dbbeb0N.exe
3056	50a2a6aa57789deee95e72b504dbbeb0N.exe
1472	50a2a6aa57789deee95e72b504dbbeb0N.exe
1472	50a2a6aa57789deee95e72b504dbbeb0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2660	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	30
PID 1968 wrote to memory of 2660	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	30
PID 1968 wrote to memory of 2660	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	30
PID 1968 wrote to memory of 2660	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	30
PID 2660 wrote to memory of 1880	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	31
PID 2660 wrote to memory of 1880	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	31
PID 2660 wrote to memory of 1880	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	31
PID 2660 wrote to memory of 1880	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	31
PID 1968 wrote to memory of 2248	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	32
PID 1968 wrote to memory of 2248	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	32
PID 1968 wrote to memory of 2248	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	32
PID 1968 wrote to memory of 2248	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	32
PID 1880 wrote to memory of 2524	1880	50a2a6aa57789deee95e72b504dbbeb0N.exe	33
PID 1880 wrote to memory of 2524	1880	50a2a6aa57789deee95e72b504dbbeb0N.exe	33
PID 1880 wrote to memory of 2524	1880	50a2a6aa57789deee95e72b504dbbeb0N.exe	33
PID 1880 wrote to memory of 2524	1880	50a2a6aa57789deee95e72b504dbbeb0N.exe	33
PID 2660 wrote to memory of 2712	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	34
PID 2660 wrote to memory of 2712	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	34
PID 2660 wrote to memory of 2712	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	34
PID 2660 wrote to memory of 2712	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	34
PID 2248 wrote to memory of 1604	2248	50a2a6aa57789deee95e72b504dbbeb0N.exe	35
PID 2248 wrote to memory of 1604	2248	50a2a6aa57789deee95e72b504dbbeb0N.exe	35
PID 2248 wrote to memory of 1604	2248	50a2a6aa57789deee95e72b504dbbeb0N.exe	35
PID 2248 wrote to memory of 1604	2248	50a2a6aa57789deee95e72b504dbbeb0N.exe	35
PID 1968 wrote to memory of 2036	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	36
PID 1968 wrote to memory of 2036	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	36
PID 1968 wrote to memory of 2036	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	36
PID 1968 wrote to memory of 2036	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	36
PID 2524 wrote to memory of 2924	2524	50a2a6aa57789deee95e72b504dbbeb0N.exe	37
PID 2524 wrote to memory of 2924	2524	50a2a6aa57789deee95e72b504dbbeb0N.exe	37
PID 2524 wrote to memory of 2924	2524	50a2a6aa57789deee95e72b504dbbeb0N.exe	37
PID 2524 wrote to memory of 2924	2524	50a2a6aa57789deee95e72b504dbbeb0N.exe	37
PID 1604 wrote to memory of 2004	1604	50a2a6aa57789deee95e72b504dbbeb0N.exe	38
PID 1604 wrote to memory of 2004	1604	50a2a6aa57789deee95e72b504dbbeb0N.exe	38
PID 1604 wrote to memory of 2004	1604	50a2a6aa57789deee95e72b504dbbeb0N.exe	38
PID 1604 wrote to memory of 2004	1604	50a2a6aa57789deee95e72b504dbbeb0N.exe	38
PID 2712 wrote to memory of 1308	2712	50a2a6aa57789deee95e72b504dbbeb0N.exe	39
PID 2712 wrote to memory of 1308	2712	50a2a6aa57789deee95e72b504dbbeb0N.exe	39
PID 2712 wrote to memory of 1308	2712	50a2a6aa57789deee95e72b504dbbeb0N.exe	39
PID 2712 wrote to memory of 1308	2712	50a2a6aa57789deee95e72b504dbbeb0N.exe	39
PID 1880 wrote to memory of 1472	1880	50a2a6aa57789deee95e72b504dbbeb0N.exe	40
PID 1880 wrote to memory of 1472	1880	50a2a6aa57789deee95e72b504dbbeb0N.exe	40
PID 1880 wrote to memory of 1472	1880	50a2a6aa57789deee95e72b504dbbeb0N.exe	40
PID 1880 wrote to memory of 1472	1880	50a2a6aa57789deee95e72b504dbbeb0N.exe	40
PID 2248 wrote to memory of 2700	2248	50a2a6aa57789deee95e72b504dbbeb0N.exe	41
PID 2248 wrote to memory of 2700	2248	50a2a6aa57789deee95e72b504dbbeb0N.exe	41
PID 2248 wrote to memory of 2700	2248	50a2a6aa57789deee95e72b504dbbeb0N.exe	41
PID 2248 wrote to memory of 2700	2248	50a2a6aa57789deee95e72b504dbbeb0N.exe	41
PID 2660 wrote to memory of 2376	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	42
PID 2660 wrote to memory of 2376	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	42
PID 2660 wrote to memory of 2376	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	42
PID 2660 wrote to memory of 2376	2660	50a2a6aa57789deee95e72b504dbbeb0N.exe	42
PID 1968 wrote to memory of 1108	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	43
PID 1968 wrote to memory of 1108	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	43
PID 1968 wrote to memory of 1108	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	43
PID 1968 wrote to memory of 1108	1968	50a2a6aa57789deee95e72b504dbbeb0N.exe	43
PID 2036 wrote to memory of 1448	2036	50a2a6aa57789deee95e72b504dbbeb0N.exe	44
PID 2036 wrote to memory of 1448	2036	50a2a6aa57789deee95e72b504dbbeb0N.exe	44
PID 2036 wrote to memory of 1448	2036	50a2a6aa57789deee95e72b504dbbeb0N.exe	44
PID 2036 wrote to memory of 1448	2036	50a2a6aa57789deee95e72b504dbbeb0N.exe	44
PID 2924 wrote to memory of 944	2924	50a2a6aa57789deee95e72b504dbbeb0N.exe	45
PID 2924 wrote to memory of 944	2924	50a2a6aa57789deee95e72b504dbbeb0N.exe	45
PID 2924 wrote to memory of 944	2924	50a2a6aa57789deee95e72b504dbbeb0N.exe	45
PID 2924 wrote to memory of 944	2924	50a2a6aa57789deee95e72b504dbbeb0N.exe	45

C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
"C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        10⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        10⤵
        
        PID:21024
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        10⤵
        
        PID:19332
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:18688
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21120
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:20904
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        10⤵
        
        PID:20992
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21764
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21592
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21632
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:22408
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:22440
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        10⤵
        
        PID:21472
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21256
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:20880
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:19200
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19948
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21700
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:22044
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21688
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20828
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21584
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21496
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21520
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21008
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21152
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:20912
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21168
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:20920
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20936
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20612
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21088
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:352
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21868
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21056
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20888
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19452
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21432
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21480
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:20836
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:19888
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:19388
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20692
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21288
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21408
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21068
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:22400
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21200
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21528
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:19520
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20952
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:20724
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21812
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20756
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21032
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19528
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:22036
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21040
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21128
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21924
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:22092
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20868
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20820
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21648
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:19536
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21264
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:22004
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:17272
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:20896
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:20592
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:21600
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:20860
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:20844
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21440
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19444
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19552
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:19364
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21376
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21672
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20944
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20796
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:22384
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:22188
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19436
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20424
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19612
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19420
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21224
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:19404
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:19356
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21780
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20580
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21788
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21772
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21844
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21852
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:14192
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20628
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19340
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21360
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21536
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20660
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21248
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21456
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:11564
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:22448
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:22376
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20676
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20772
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20620
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:19372
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20968
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:17244
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21640
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:19512
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21804
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21216
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:22180
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:13908
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:19544
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21384
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:20708
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21296
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:22196
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21512
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:19576
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21656
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:19396
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:9132
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:19208
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        9⤵
        
        PID:22424
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:22392
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20716
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21932
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:20684
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21488
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21756
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19348
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21464
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:22100
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21136
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:22068
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21080
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21820
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21940
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19184
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21916
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:22076
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:18704
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20732
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21280
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20928
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21424
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:17320
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:19560
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21892
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20644
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21908
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20652
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:19504
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21860
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:19584
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21576
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:22416
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:22368
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:18696
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21400
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20604
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20780
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:17280
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:19192
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21544
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21664
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21096
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21208
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20852
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:22432
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21392
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:19620
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:13932
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10544
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7936
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:14004
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        8⤵
        
        PID:21016
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21884
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21876
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:19568
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20960
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21828
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21112
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20668
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21000
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:20748
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:22084
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21176
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:20984
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21048
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21160
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:13924
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21608
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21964
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21272
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21836
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20804
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:20812
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:11272
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:11192
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:19380
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21680
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:14280
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:22060
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21416
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:22340
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21192
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:21616
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:19412
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        7⤵
        
        PID:21568
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20976
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:20764
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20740
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:11072
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21368
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21144
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21184
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:17296
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        6⤵
        
        PID:19428
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:21232
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:19176
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:13096
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21104
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:20788
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:14152
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:19160
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:10048
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:20700
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
        5⤵
        
        PID:22020
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:11596
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:12976
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21448
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:12820
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:21240
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3792
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:19168
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:11028
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:20636
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  PID:5524
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
      4⤵
      PID:21796
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:4732
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  PID:8236
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:21624
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  PID:11352
- - C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
    3⤵
    PID:22052
- C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\50a2a6aa57789deee95e72b504dbbeb0N.exe"
  2⤵
  PID:21900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\indian action fucking public ash .avi.exe

Filesize
1.2MB

MD5
15059b5b17af123cb39f225ae39e4994

SHA1
bde76d8dc38181f3a8acabac4c0bc92ab9d49d59

SHA256
60880c6862f43eb64f4d3da6a59cbe9f6e3ceb89cde40d9977f1cb0afeb8710a

SHA512
a98e6853a0b391d5584f5c05f8a897dad0b60206788dd94999317165793f270073c48ba4060dc1b898ff897ac46d448a3c562b74b63903002f8cad720a3d29ff

Download Submit
C:\debug.txt

Filesize
183B

MD5
03f2c7ea82ff4c43579ac2012e41a35d

SHA1
719bb04c4474c1562babe4edd125b3e4c68f5014

SHA256
7468aabaf870cf75ae0d9d007bd21b95f7e1307f71ad70c05569b17db5ea2e01

SHA512
5f62c21f47668ae478f2d61f869934f69ff81cff865ec367d998ddd212fc2e7ce12e876f9935865689cc607f2bd48a74e07edeb62c58740cfcaa8f3b5bb2565f

Download Submit
memory/1968-104-0x0000000074270000-0x0000000074278000-memory.dmp

Filesize
32KB

Download
memory/1968-100-0x0000000074280000-0x0000000074283000-memory.dmp

Filesize
12KB

Download