955b2a9e963f7afb09610cf7558d5596d12a23e8112563bf50c0324ef8fc1ad5

Analysis

max time kernel
20s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6304f188b2d5ff8788d1e0f41f1e3520N.exe
Size

1.7MB
MD5

6304f188b2d5ff8788d1e0f41f1e3520
SHA1

ad383bac925e5ef2cf33b4af668c9ed35b6d6fb7
SHA256

955b2a9e963f7afb09610cf7558d5596d12a23e8112563bf50c0324ef8fc1ad5
SHA512

1c7201a42afc879b1f52a7938e056c7548181ea379042c039b994a43c83f6ca6bfc00acb4c4599efa720d946c7f1b9eb9b64fe5fbb2848b4ca73063014fcf8e1
SSDEEP

49152:VIIpD141kDjl/fS2Lqbj0GbDIz3WzaKLbe:fDOuRfS2Lqf0G/IzWHbe

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6304f188b2d5ff8788d1e0f41f1e3520N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\B:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\I:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\K:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\L:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\M:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\P:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\V:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\W:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\A:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\G:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\H:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\J:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\Y:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\S:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\X:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\Z:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\N:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\O:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\Q:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\R:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\E:	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File opened (read-only)	\??\U:	6304f188b2d5ff8788d1e0f41f1e3520N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american nude beast full movie .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish kicking lesbian big glans (Sonja,Samantha).avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\SysWOW64\FxsTmp\beast several models gorgeoushorny .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore lesbian boots (Gina,Liz).zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian horse horse girls (Samantha).avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\SysWOW64\FxsTmp\german bukkake girls femdom .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish beastiality horse [milf] titts traffic .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian nude gay full movie hole high heels .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish animal lesbian masturbation shoes .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\SysWOW64\IME\shared\lesbian public .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\gay hot (!) 40+ .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish fetish fucking several models .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\bukkake voyeur YEâPSè& .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian handjob horse catfight .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files\DVD Maker\Shared\fucking hidden wifey .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files\Windows Journal\Templates\brasilian animal lesbian full movie .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\japanese nude hardcore [free] (Curtney).mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse big feet stockings .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\hardcore public swallow .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese kicking hardcore big (Tatjana).avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish handjob horse voyeur .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\horse masturbation feet .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\danish gang bang fucking big .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese nude gay voyeur feet .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\beast public hole circumcision (Janette).mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\lesbian hot (!) swallow (Ashley,Tatjana).avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\spanish horse masturbation (Karin).mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\horse [bangbus] hole mature .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\brasilian porn sperm catfight (Tatjana).avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\african bukkake masturbation leather (Sonja,Melissa).zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\handjob sperm lesbian feet stockings .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore public titts girly (Janette).mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\InstallTemp\cum beast several models titts .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\asian lesbian lesbian mature .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black cum trambling uncut hole mistress (Janette).zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\black handjob hardcore voyeur bedroom .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\beastiality bukkake [free] hole sweet .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese beastiality lesbian lesbian ejaculation .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\lesbian masturbation (Sylvia).mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\chinese trambling public .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\russian horse beast voyeur leather .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lingerie catfight feet .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\malaysia horse public latex .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\black handjob lesbian masturbation .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\malaysia trambling lesbian hole .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian horse hardcore [milf] .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\tyrkish horse horse voyeur hole (Kathrin,Tatjana).mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\tyrkish gang bang horse masturbation titts .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\japanese animal lingerie big gorgeoushorny .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\german lingerie sleeping castration .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\french gay several models titts .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\tyrkish gang bang fucking [free] titts (Britney,Karin).avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\SoftwareDistribution\Download\lingerie voyeur feet .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\tyrkish cumshot blowjob big (Liz).avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\fucking [bangbus] titts hairy .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\french hardcore [bangbus] glans .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\italian cum lingerie voyeur titts .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\gay girls sweet .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\beast voyeur feet (Kathrin,Melissa).mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\british gay several models hairy .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\hardcore voyeur glans mature (Liz).mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fucking catfight titts .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\chinese trambling full movie .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\Temp\tyrkish cum sperm licking boots .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\german lesbian [bangbus] .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\danish gang bang sperm big upskirt .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\asian sperm big traffic .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\tmp\black cum xxx several models .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\american gang bang fucking hot (!) .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\nude beast uncut (Jade).mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\italian beastiality horse masturbation bedroom .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\fucking hidden girly .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\spanish hardcore [bangbus] .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\security\templates\indian fetish horse girls .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\british bukkake big feet .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\japanese nude xxx [milf] penetration .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\chinese xxx uncut mature .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\lesbian several models traffic .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\russian action beast big .zip.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\PLA\Templates\danish porn horse [free] .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\handjob sperm big young .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\action beast licking upskirt .mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\russian beastiality horse sleeping lady .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\horse [bangbus] cock (Sonja,Karin).rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\beast voyeur .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\temp\danish nude trambling licking beautyfull .mpeg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish nude gay sleeping glans lady (Samantha).mpg.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\african horse lesbian titts bondage .rar.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\black cumshot fucking hidden hairy .avi.exe	6304f188b2d5ff8788d1e0f41f1e3520N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6304f188b2d5ff8788d1e0f41f1e3520N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2216	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2288	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2560	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2676	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2872	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1640	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1884	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2216	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1636	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1760	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2288	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2560	6304f188b2d5ff8788d1e0f41f1e3520N.exe
484	6304f188b2d5ff8788d1e0f41f1e3520N.exe
320	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1084	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2676	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1928	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2872	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2320	6304f188b2d5ff8788d1e0f41f1e3520N.exe
812	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2288	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2340	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2000	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1304	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2560	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2216	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2484	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1640	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1884	6304f188b2d5ff8788d1e0f41f1e3520N.exe
296	6304f188b2d5ff8788d1e0f41f1e3520N.exe
320	6304f188b2d5ff8788d1e0f41f1e3520N.exe
976	6304f188b2d5ff8788d1e0f41f1e3520N.exe
652	6304f188b2d5ff8788d1e0f41f1e3520N.exe
652	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1636	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1636	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2084	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2084	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1760	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1760	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1724	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1724	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1696	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1696	6304f188b2d5ff8788d1e0f41f1e3520N.exe
484	6304f188b2d5ff8788d1e0f41f1e3520N.exe
484	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe
2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe
1500	6304f188b2d5ff8788d1e0f41f1e3520N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2652	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	30
PID 2680 wrote to memory of 2652	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	30
PID 2680 wrote to memory of 2652	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	30
PID 2680 wrote to memory of 2652	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	30
PID 2652 wrote to memory of 2396	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	31
PID 2652 wrote to memory of 2396	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	31
PID 2652 wrote to memory of 2396	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	31
PID 2652 wrote to memory of 2396	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	31
PID 2680 wrote to memory of 2372	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	32
PID 2680 wrote to memory of 2372	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	32
PID 2680 wrote to memory of 2372	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	32
PID 2680 wrote to memory of 2372	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	32
PID 2396 wrote to memory of 2216	2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe	33
PID 2396 wrote to memory of 2216	2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe	33
PID 2396 wrote to memory of 2216	2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe	33
PID 2396 wrote to memory of 2216	2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe	33
PID 2372 wrote to memory of 2288	2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe	34
PID 2372 wrote to memory of 2288	2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe	34
PID 2372 wrote to memory of 2288	2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe	34
PID 2372 wrote to memory of 2288	2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe	34
PID 2652 wrote to memory of 2560	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	35
PID 2652 wrote to memory of 2560	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	35
PID 2652 wrote to memory of 2560	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	35
PID 2652 wrote to memory of 2560	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	35
PID 2680 wrote to memory of 2676	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	36
PID 2680 wrote to memory of 2676	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	36
PID 2680 wrote to memory of 2676	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	36
PID 2680 wrote to memory of 2676	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	36
PID 2216 wrote to memory of 2872	2216	6304f188b2d5ff8788d1e0f41f1e3520N.exe	37
PID 2216 wrote to memory of 2872	2216	6304f188b2d5ff8788d1e0f41f1e3520N.exe	37
PID 2216 wrote to memory of 2872	2216	6304f188b2d5ff8788d1e0f41f1e3520N.exe	37
PID 2216 wrote to memory of 2872	2216	6304f188b2d5ff8788d1e0f41f1e3520N.exe	37
PID 2288 wrote to memory of 1640	2288	6304f188b2d5ff8788d1e0f41f1e3520N.exe	38
PID 2288 wrote to memory of 1640	2288	6304f188b2d5ff8788d1e0f41f1e3520N.exe	38
PID 2288 wrote to memory of 1640	2288	6304f188b2d5ff8788d1e0f41f1e3520N.exe	38
PID 2288 wrote to memory of 1640	2288	6304f188b2d5ff8788d1e0f41f1e3520N.exe	38
PID 2560 wrote to memory of 1884	2560	6304f188b2d5ff8788d1e0f41f1e3520N.exe	40
PID 2560 wrote to memory of 1884	2560	6304f188b2d5ff8788d1e0f41f1e3520N.exe	40
PID 2560 wrote to memory of 1884	2560	6304f188b2d5ff8788d1e0f41f1e3520N.exe	40
PID 2560 wrote to memory of 1884	2560	6304f188b2d5ff8788d1e0f41f1e3520N.exe	40
PID 2396 wrote to memory of 1636	2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe	39
PID 2396 wrote to memory of 1636	2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe	39
PID 2396 wrote to memory of 1636	2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe	39
PID 2396 wrote to memory of 1636	2396	6304f188b2d5ff8788d1e0f41f1e3520N.exe	39
PID 2372 wrote to memory of 1760	2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe	41
PID 2372 wrote to memory of 1760	2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe	41
PID 2372 wrote to memory of 1760	2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe	41
PID 2372 wrote to memory of 1760	2372	6304f188b2d5ff8788d1e0f41f1e3520N.exe	41
PID 2680 wrote to memory of 484	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	42
PID 2680 wrote to memory of 484	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	42
PID 2680 wrote to memory of 484	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	42
PID 2680 wrote to memory of 484	2680	6304f188b2d5ff8788d1e0f41f1e3520N.exe	42
PID 2676 wrote to memory of 1084	2676	6304f188b2d5ff8788d1e0f41f1e3520N.exe	43
PID 2676 wrote to memory of 1084	2676	6304f188b2d5ff8788d1e0f41f1e3520N.exe	43
PID 2676 wrote to memory of 1084	2676	6304f188b2d5ff8788d1e0f41f1e3520N.exe	43
PID 2676 wrote to memory of 1084	2676	6304f188b2d5ff8788d1e0f41f1e3520N.exe	43
PID 2652 wrote to memory of 320	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	44
PID 2652 wrote to memory of 320	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	44
PID 2652 wrote to memory of 320	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	44
PID 2652 wrote to memory of 320	2652	6304f188b2d5ff8788d1e0f41f1e3520N.exe	44
PID 2872 wrote to memory of 1928	2872	6304f188b2d5ff8788d1e0f41f1e3520N.exe	45
PID 2872 wrote to memory of 1928	2872	6304f188b2d5ff8788d1e0f41f1e3520N.exe	45
PID 2872 wrote to memory of 1928	2872	6304f188b2d5ff8788d1e0f41f1e3520N.exe	45
PID 2872 wrote to memory of 1928	2872	6304f188b2d5ff8788d1e0f41f1e3520N.exe	45

C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
"C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        10⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        10⤵
        
        PID:23232
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        10⤵
        
        PID:19276
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        10⤵
        
        PID:21112
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:20272
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:19212
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:21048
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        10⤵
        
        PID:22480
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:23580
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:20532
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18428
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:22468
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18848
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22552
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        10⤵
        
        PID:21220
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:19844
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:21008
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:22272
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:22120
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18888
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22336
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:20248
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:21472
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:22664
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20780
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22044
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22140
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:23108
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:20796
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:21024
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:19452
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:20828
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:18952
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:19356
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:22184
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:18800
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:19284
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22832
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19196
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19444
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18688
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18904
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:21120
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20504
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20556
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20692
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22524
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18640
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:18920
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22016
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22240
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20392
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:21136
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18728
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18912
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22744
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:21188
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:24440
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:19324
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:19188
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:20788
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:18720
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19316
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:17864
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:21204
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:21072
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:19300
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20700
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18840
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:21152
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:21244
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:21056
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22576
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22560
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22296
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:19220
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20628
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20540
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:18944
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:23212
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:21080
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20596
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:23588
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20740
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20812
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:19348
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:18832
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:23220
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18656
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:21196
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18712
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:22280
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:20836
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:24220
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:23404
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20748
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18856
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:20524
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19860
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19388
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19292
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:21428
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19236
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20876
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18588
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:21436
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22844
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18976
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20228
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:21168
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22232
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20240
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20900
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:19180
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18968
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:19684
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:14748
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:22824
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:18548
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:18872
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:19868
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20580
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20448
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:24456
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:21144
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19364
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:24172
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20756
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22460
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22224
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20588
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18632
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18704
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20472
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:18320
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18816
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22312
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:14908
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20764
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:22544
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22208
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18928
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:22076
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:19228
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:14376
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:19828
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:20604
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:19380
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:21760
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:22320
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:21088
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        9⤵
        
        PID:22256
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:18596
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:21128
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:18672
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20620
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20440
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:19616
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:24184
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19700
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18784
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:24424
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:17856
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:18880
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:24336
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:22516
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:21160
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20732
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19820
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20256
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20852
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18768
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:24432
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20512
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22288
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18760
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18936
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18556
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:23116
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:21000
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20868
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18540
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:19308
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:652
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:21212
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19396
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20456
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20820
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18992
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18744
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:21016
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20716
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:19836
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20772
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:21236
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:22536
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:18792
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18864
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18448
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20916
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18752
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:19204
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:872
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:21032
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:24400
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:21480
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:19412
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:22176
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:22752
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18616
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:22032
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:21096
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:19404
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:19708
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:18696
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        8⤵
        
        PID:20724
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:19332
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22160
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18580
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:21104
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22216
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:19460
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18664
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22168
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18624
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:21228
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:22304
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20860
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:24464
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:20464
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:21456
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20680
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:22344
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20884
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:19340
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20492
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:20264
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18896
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:22024
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18572
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20484
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:24448
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20892
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:21488
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:12732
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:22328
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:8920
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:2008
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:484
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        7⤵
        
        PID:22200
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18648
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:21420
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:20908
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:22128
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20612
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:21464
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:19420
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20548
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:23076
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:22352
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:19000
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:21448
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:24472
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:8936
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:17792
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        6⤵
        
        PID:22248
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:18604
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:21064
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:12496
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:2640
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:20992
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:18808
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:20564
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:10460
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:18776
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  PID:856
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
        5⤵
        
        PID:22264
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:14924
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:20400
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:22152
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:20572
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  PID:4228
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:20708
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:11336
  - - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
      "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
      4⤵
      PID:22868
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:18680
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  PID:5988
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:12748
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:23572
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  PID:8844
- - C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
    "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
    3⤵
    PID:22584
- C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe
  "C:\Users\Admin\AppData\Local\Temp\6304f188b2d5ff8788d1e0f41f1e3520N.exe"
  2⤵
  PID:18824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\gay hot (!) 40+ .mpg.exe

Filesize
1.6MB

MD5
568d598676aa50ee181be181b67a794b

SHA1
304d368f1bfbdbf970a332f7ae6ac17ac3429381

SHA256
6b8eb40dcc5e2cfe3ec555744385b096bf2f8a55091a19b1c7677e146604828b

SHA512
ef60dad785d2854cbadfc32f86851994a4dfa6eb0bb4a8c9fead312e8495e8a41562a72c7356a74b09e0061fbcc0ef6bd9cc560cc6e9c02de68db4b6f73b956b

Download Submit
C:\debug.txt

Filesize
183B

MD5
5f975e1ae83ff887928022319a9f6019

SHA1
50a126d196318813348e508c26ed14f612d31610

SHA256
0d7e3dee00f33d171f10794bd18fe09b03c62f23918eac906c8b1c5d53912881

SHA512
2470e468ba877a10e2f85211442217fe7e205d7d50ae89d82ebdbd3ef15d8e6316dade1d79704d6f9f954266c750a252581c054fb22f236d0132aae1985626df

Download Submit