806dab50ebc506af9c277980f77e8ddc4dd228a056a8e58029cee4fb8d135fdc

Analysis

max time kernel
28s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a513b432ccb362406910377e7bc6c320N.exe
Size

510KB
MD5

a513b432ccb362406910377e7bc6c320
SHA1

90d0a9cff862dcbe3db6aafa6ab4ca419ca07983
SHA256

806dab50ebc506af9c277980f77e8ddc4dd228a056a8e58029cee4fb8d135fdc
SHA512

a0a482723383f0706166ecbd4fc5f1d343f33b25102e130e5a3f742a425cfed09f7034e9e03f827c6a2e031a94a962c7f86e9e006129998f23c34990fef99097
SSDEEP

12288:dXCNi9BkO5rigwtNUW4bFvolFX+H1zQZU55yO4:oWD4gGOW4RvofuQi55yO4

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	a513b432ccb362406910377e7bc6c320N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\U:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\V:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\W:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\G:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\I:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\L:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\N:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\E:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\J:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\H:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\K:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\P:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\R:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\Z:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\A:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\B:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\S:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\T:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\X:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\Y:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\M:	a513b432ccb362406910377e7bc6c320N.exe
File opened (read-only)	\??\O:	a513b432ccb362406910377e7bc6c320N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\lesbian masturbation ìï .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\SysWOW64\IME\shared\american action fucking licking shower .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\System32\DriverStore\Temp\lingerie sleeping .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore public bedroom .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot beast licking cock mature (Curtney).zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\SysWOW64\IME\shared\lingerie catfight .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black handjob fucking [milf] mistress .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian fetish lingerie [bangbus] hotel .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\xxx uncut stockings .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish kicking lingerie uncut glans (Anniston,Liz).mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish horse beast girls young .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian kicking fucking sleeping .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\trambling hidden feet (Ashley,Sarah).avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files\DVD Maker\Shared\black nude sperm girls (Karin).rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\hardcore sleeping titts mature .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian cum trambling voyeur .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Google\Update\Download\black beastiality bukkake uncut fishy .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\black handjob sperm catfight sweet .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\italian gang bang trambling catfight glans traffic (Jade).mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish beastiality bukkake full movie feet traffic .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\horse girls titts wifey (Melissa).mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish nude horse licking beautyfull .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\japanese fetish fucking full movie (Liz).mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files\Windows Journal\Templates\indian porn hardcore girls feet wifey (Jade).rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Program Files (x86)\Google\Temp\lingerie [free] (Samantha).rar.exe	a513b432ccb362406910377e7bc6c320N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian kicking bukkake masturbation .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse hidden (Tatjana).rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\french fucking [bangbus] .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\action bukkake [free] .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\trambling [bangbus] hole mistress .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\american porn xxx public .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\Downloaded Program Files\hardcore girls .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\malaysia beast [free] glans circumcision (Samantha).rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\mssrv.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian beastiality lesbian sleeping titts boots .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\indian nude bukkake hidden .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\german beast catfight titts bedroom .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\malaysia sperm uncut ash .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\cum trambling several models glans high heels .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\lingerie masturbation .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\american kicking blowjob hidden granny .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking uncut ejaculation .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\black handjob beast catfight (Melissa).rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\assembly\temp\gay masturbation titts .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\swedish nude blowjob [free] feet (Ashley,Sylvia).mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\xxx several models .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\british trambling girls (Karin).zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\InstallTemp\indian beastiality sperm public ejaculation .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\Temp\fucking public .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\canadian blowjob lesbian glans .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\indian gang bang xxx voyeur cock .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\italian cumshot sperm full movie cock lady (Melissa).avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\fucking uncut .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\sperm several models latex .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\brasilian cumshot xxx full movie boots .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\security\templates\japanese gang bang hardcore voyeur upskirt .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\lesbian voyeur feet .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\nude trambling [milf] leather (Gina,Karin).zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\russian gang bang horse big titts pregnant .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\cum lingerie catfight (Tatjana).mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian cum blowjob full movie young .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american kicking beast hidden titts redhair (Curtney).mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\asian hardcore uncut balls .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\russian beastiality fucking girls .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\bukkake big circumcision .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\gang bang sperm uncut feet .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking [milf] girly .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\french fucking voyeur hole .mpg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\malaysia hardcore several models fishy .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\malaysia trambling hidden glans castration .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\british fucking lesbian boots .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\xxx big hole .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\cumshot fucking catfight ash .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\american action fucking hot (!) cock (Gina,Sylvia).zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\beastiality trambling several models titts fishy .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\indian gang bang beast girls mature .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\italian action lesbian [bangbus] boots .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\SoftwareDistribution\Download\brasilian fetish blowjob uncut .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\chinese lesbian full movie latex .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\beastiality gay catfight .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\tyrkish horse lingerie full movie .zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\asian sperm hot (!) hole .mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese action fucking [bangbus] glans (Christine,Karin).avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\chinese beast licking feet castration .rar.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\japanese handjob lingerie masturbation YEâPSè& (Sonja,Sylvia).mpeg.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\japanese handjob sperm full movie hotel (Ashley,Sylvia).zip.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\british fucking [bangbus] .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\fetish hardcore big hole .avi.exe	a513b432ccb362406910377e7bc6c320N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\sperm masturbation high heels .zip.exe	a513b432ccb362406910377e7bc6c320N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a513b432ccb362406910377e7bc6c320N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2604	a513b432ccb362406910377e7bc6c320N.exe
2660	a513b432ccb362406910377e7bc6c320N.exe
2604	a513b432ccb362406910377e7bc6c320N.exe
2944	a513b432ccb362406910377e7bc6c320N.exe
2464	a513b432ccb362406910377e7bc6c320N.exe
2660	a513b432ccb362406910377e7bc6c320N.exe
2604	a513b432ccb362406910377e7bc6c320N.exe
484	a513b432ccb362406910377e7bc6c320N.exe
608	a513b432ccb362406910377e7bc6c320N.exe
2944	a513b432ccb362406910377e7bc6c320N.exe
1340	a513b432ccb362406910377e7bc6c320N.exe
1360	a513b432ccb362406910377e7bc6c320N.exe
2464	a513b432ccb362406910377e7bc6c320N.exe
2660	a513b432ccb362406910377e7bc6c320N.exe
2604	a513b432ccb362406910377e7bc6c320N.exe
1996	a513b432ccb362406910377e7bc6c320N.exe
900	a513b432ccb362406910377e7bc6c320N.exe
1324	a513b432ccb362406910377e7bc6c320N.exe
484	a513b432ccb362406910377e7bc6c320N.exe
960	a513b432ccb362406910377e7bc6c320N.exe
1308	a513b432ccb362406910377e7bc6c320N.exe
2944	a513b432ccb362406910377e7bc6c320N.exe
1196	a513b432ccb362406910377e7bc6c320N.exe
1340	a513b432ccb362406910377e7bc6c320N.exe
1572	a513b432ccb362406910377e7bc6c320N.exe
1360	a513b432ccb362406910377e7bc6c320N.exe
608	a513b432ccb362406910377e7bc6c320N.exe
2464	a513b432ccb362406910377e7bc6c320N.exe
2660	a513b432ccb362406910377e7bc6c320N.exe
2208	a513b432ccb362406910377e7bc6c320N.exe
2604	a513b432ccb362406910377e7bc6c320N.exe
2228	a513b432ccb362406910377e7bc6c320N.exe
2164	a513b432ccb362406910377e7bc6c320N.exe
1996	a513b432ccb362406910377e7bc6c320N.exe
2660	a513b432ccb362406910377e7bc6c320N.exe
2076	a513b432ccb362406910377e7bc6c320N.exe
900	a513b432ccb362406910377e7bc6c320N.exe
1324	a513b432ccb362406910377e7bc6c320N.exe
608	a513b432ccb362406910377e7bc6c320N.exe
2464	a513b432ccb362406910377e7bc6c320N.exe
536	a513b432ccb362406910377e7bc6c320N.exe
1424	a513b432ccb362406910377e7bc6c320N.exe
1360	a513b432ccb362406910377e7bc6c320N.exe
1796	a513b432ccb362406910377e7bc6c320N.exe
1804	a513b432ccb362406910377e7bc6c320N.exe
3016	a513b432ccb362406910377e7bc6c320N.exe
484	a513b432ccb362406910377e7bc6c320N.exe
996	a513b432ccb362406910377e7bc6c320N.exe
2648	a513b432ccb362406910377e7bc6c320N.exe
1572	a513b432ccb362406910377e7bc6c320N.exe
2208	a513b432ccb362406910377e7bc6c320N.exe
1340	a513b432ccb362406910377e7bc6c320N.exe
2944	a513b432ccb362406910377e7bc6c320N.exe
616	a513b432ccb362406910377e7bc6c320N.exe
992	a513b432ccb362406910377e7bc6c320N.exe
1720	a513b432ccb362406910377e7bc6c320N.exe
1808	a513b432ccb362406910377e7bc6c320N.exe
1568	a513b432ccb362406910377e7bc6c320N.exe
2964	a513b432ccb362406910377e7bc6c320N.exe
960	a513b432ccb362406910377e7bc6c320N.exe
1196	a513b432ccb362406910377e7bc6c320N.exe
1308	a513b432ccb362406910377e7bc6c320N.exe
2604	a513b432ccb362406910377e7bc6c320N.exe
2604	a513b432ccb362406910377e7bc6c320N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2660	2604	a513b432ccb362406910377e7bc6c320N.exe	29
PID 2604 wrote to memory of 2660	2604	a513b432ccb362406910377e7bc6c320N.exe	29
PID 2604 wrote to memory of 2660	2604	a513b432ccb362406910377e7bc6c320N.exe	29
PID 2604 wrote to memory of 2660	2604	a513b432ccb362406910377e7bc6c320N.exe	29
PID 2660 wrote to memory of 2944	2660	a513b432ccb362406910377e7bc6c320N.exe	30
PID 2660 wrote to memory of 2944	2660	a513b432ccb362406910377e7bc6c320N.exe	30
PID 2660 wrote to memory of 2944	2660	a513b432ccb362406910377e7bc6c320N.exe	30
PID 2660 wrote to memory of 2944	2660	a513b432ccb362406910377e7bc6c320N.exe	30
PID 2604 wrote to memory of 2464	2604	a513b432ccb362406910377e7bc6c320N.exe	31
PID 2604 wrote to memory of 2464	2604	a513b432ccb362406910377e7bc6c320N.exe	31
PID 2604 wrote to memory of 2464	2604	a513b432ccb362406910377e7bc6c320N.exe	31
PID 2604 wrote to memory of 2464	2604	a513b432ccb362406910377e7bc6c320N.exe	31
PID 2944 wrote to memory of 484	2944	a513b432ccb362406910377e7bc6c320N.exe	32
PID 2944 wrote to memory of 484	2944	a513b432ccb362406910377e7bc6c320N.exe	32
PID 2944 wrote to memory of 484	2944	a513b432ccb362406910377e7bc6c320N.exe	32
PID 2944 wrote to memory of 484	2944	a513b432ccb362406910377e7bc6c320N.exe	32
PID 2464 wrote to memory of 608	2464	a513b432ccb362406910377e7bc6c320N.exe	33
PID 2464 wrote to memory of 608	2464	a513b432ccb362406910377e7bc6c320N.exe	33
PID 2464 wrote to memory of 608	2464	a513b432ccb362406910377e7bc6c320N.exe	33
PID 2464 wrote to memory of 608	2464	a513b432ccb362406910377e7bc6c320N.exe	33
PID 2660 wrote to memory of 1340	2660	a513b432ccb362406910377e7bc6c320N.exe	34
PID 2660 wrote to memory of 1340	2660	a513b432ccb362406910377e7bc6c320N.exe	34
PID 2660 wrote to memory of 1340	2660	a513b432ccb362406910377e7bc6c320N.exe	34
PID 2660 wrote to memory of 1340	2660	a513b432ccb362406910377e7bc6c320N.exe	34
PID 2604 wrote to memory of 1360	2604	a513b432ccb362406910377e7bc6c320N.exe	35
PID 2604 wrote to memory of 1360	2604	a513b432ccb362406910377e7bc6c320N.exe	35
PID 2604 wrote to memory of 1360	2604	a513b432ccb362406910377e7bc6c320N.exe	35
PID 2604 wrote to memory of 1360	2604	a513b432ccb362406910377e7bc6c320N.exe	35
PID 484 wrote to memory of 1996	484	a513b432ccb362406910377e7bc6c320N.exe	36
PID 484 wrote to memory of 1996	484	a513b432ccb362406910377e7bc6c320N.exe	36
PID 484 wrote to memory of 1996	484	a513b432ccb362406910377e7bc6c320N.exe	36
PID 484 wrote to memory of 1996	484	a513b432ccb362406910377e7bc6c320N.exe	36
PID 2944 wrote to memory of 900	2944	a513b432ccb362406910377e7bc6c320N.exe	37
PID 2944 wrote to memory of 900	2944	a513b432ccb362406910377e7bc6c320N.exe	37
PID 2944 wrote to memory of 900	2944	a513b432ccb362406910377e7bc6c320N.exe	37
PID 2944 wrote to memory of 900	2944	a513b432ccb362406910377e7bc6c320N.exe	37
PID 1360 wrote to memory of 960	1360	a513b432ccb362406910377e7bc6c320N.exe	38
PID 1360 wrote to memory of 960	1360	a513b432ccb362406910377e7bc6c320N.exe	38
PID 1360 wrote to memory of 960	1360	a513b432ccb362406910377e7bc6c320N.exe	38
PID 1360 wrote to memory of 960	1360	a513b432ccb362406910377e7bc6c320N.exe	38
PID 608 wrote to memory of 1324	608	a513b432ccb362406910377e7bc6c320N.exe	39
PID 608 wrote to memory of 1324	608	a513b432ccb362406910377e7bc6c320N.exe	39
PID 608 wrote to memory of 1324	608	a513b432ccb362406910377e7bc6c320N.exe	39
PID 608 wrote to memory of 1324	608	a513b432ccb362406910377e7bc6c320N.exe	39
PID 1340 wrote to memory of 1308	1340	a513b432ccb362406910377e7bc6c320N.exe	40
PID 1340 wrote to memory of 1308	1340	a513b432ccb362406910377e7bc6c320N.exe	40
PID 1340 wrote to memory of 1308	1340	a513b432ccb362406910377e7bc6c320N.exe	40
PID 1340 wrote to memory of 1308	1340	a513b432ccb362406910377e7bc6c320N.exe	40
PID 2464 wrote to memory of 1572	2464	a513b432ccb362406910377e7bc6c320N.exe	41
PID 2464 wrote to memory of 1572	2464	a513b432ccb362406910377e7bc6c320N.exe	41
PID 2464 wrote to memory of 1572	2464	a513b432ccb362406910377e7bc6c320N.exe	41
PID 2464 wrote to memory of 1572	2464	a513b432ccb362406910377e7bc6c320N.exe	41
PID 2660 wrote to memory of 1196	2660	a513b432ccb362406910377e7bc6c320N.exe	42
PID 2660 wrote to memory of 1196	2660	a513b432ccb362406910377e7bc6c320N.exe	42
PID 2660 wrote to memory of 1196	2660	a513b432ccb362406910377e7bc6c320N.exe	42
PID 2660 wrote to memory of 1196	2660	a513b432ccb362406910377e7bc6c320N.exe	42
PID 2604 wrote to memory of 2208	2604	a513b432ccb362406910377e7bc6c320N.exe	43
PID 2604 wrote to memory of 2208	2604	a513b432ccb362406910377e7bc6c320N.exe	43
PID 2604 wrote to memory of 2208	2604	a513b432ccb362406910377e7bc6c320N.exe	43
PID 2604 wrote to memory of 2208	2604	a513b432ccb362406910377e7bc6c320N.exe	43
PID 1996 wrote to memory of 2228	1996	a513b432ccb362406910377e7bc6c320N.exe	44
PID 1996 wrote to memory of 2228	1996	a513b432ccb362406910377e7bc6c320N.exe	44
PID 1996 wrote to memory of 2228	1996	a513b432ccb362406910377e7bc6c320N.exe	44
PID 1996 wrote to memory of 2228	1996	a513b432ccb362406910377e7bc6c320N.exe	44

C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
"C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        10⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        10⤵
        
        PID:18112
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        10⤵
        
        PID:19212
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        10⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:19148
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:19220
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:20156
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:20084
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:18088
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:18616
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:19564
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18168
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16680
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:19540
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        10⤵
        
        PID:18256
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:18184
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:20036
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17536
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:18040
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:18080
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:20116
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:20172
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:20068
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18520
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18796
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17712
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18744
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16792
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17544
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:19504
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18672
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:13616
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:20124
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:14844
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17876
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:18512
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17488
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:20216
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:20044
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:19228
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18664
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:20060
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18632
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17908
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17760
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:20148
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:19200
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:17672
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:19584
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:19656
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17792
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18280
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:19608
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:16500
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:19640
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18008
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:17292
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18828
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17868
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18024
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:16712
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:14192
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:14808
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:17648
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:14040
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:608
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        9⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:19480
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:18232
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18264
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:20092
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18488
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:20076
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:21100
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        8⤵
        
        PID:20052
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17640
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:19632
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18656
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:19556
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:19488
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17844
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:14200
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:616
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:19516
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18248
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18724
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18456
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16616
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:20028
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:14032
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:19548
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:19592
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17568
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18624
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:12300
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:16444
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:17528
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:19496
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:16768
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1360
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17776
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:18304
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:20100
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17784
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:19156
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:16428
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:19624
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:18964
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:20164
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:16704
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        7⤵
        
        PID:20140
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:19252
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:19524
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:19648
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:17800
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:19600
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:17608
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:18320
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:18608
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:10544
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:17440
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:992
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:19532
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:15700
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:18980
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        6⤵
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18640
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:20132
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:18104
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:16404
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:19192
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:14636
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:17736
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:17472
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18328
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18732
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:14688
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:19340
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:16452
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:16376
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:11372
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:19164
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
        5⤵
        
        PID:18648
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:17768
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:18072
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:20108
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:18216
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4332
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
      "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
      4⤵
      PID:18032
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:15000
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  PID:6268
- - C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
    "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
    3⤵
    PID:16592
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  PID:9884
- C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe
  "C:\Users\Admin\AppData\Local\Temp\a513b432ccb362406910377e7bc6c320N.exe"
  2⤵
  PID:17932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish nude horse licking beautyfull .avi.exe

Filesize
1.8MB

MD5
c4399da914ed27e69013a4ecbafde80b

SHA1
aff99cdae78a48e98b15746710f24de0d783495a

SHA256
a597fa4d00e16edd7f80214e8c7e2188f042c99c9bb0075b63aa2d45b3bf0713

SHA512
539b6c0d1a290e34a340c4ccb95472f017206dff5a9a5c4425f5cdf3f3657750724e52526f45eb3f76fe2751bbe2f07e8ed5031e4b7b5ce5662bf076443466dd

Download Submit
C:\debug.txt

Filesize
183B

MD5
aa78232baaa5873f436aee0a5cc4a2d1

SHA1
6d30198b25c3dfbcc500e96b71e4a528e33c9323

SHA256
579e343faad2858e9f2ee96ad5b59031dfbd27418cb09da103fbce8613ea83bd

SHA512
b15140dea1139b56dfba0595f42e5eaff098307e80a8ce7ed439630824ec7285a28686c8cbec4ec374a4621938abe1b44bb1903c7813bab5a7889162a8be00a8

Download Submit
memory/484-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/484-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/484-99-0x0000000004F90000-0x0000000004FBB000-memory.dmp

Filesize
172KB

Download
memory/484-168-0x0000000004F90000-0x0000000004FBB000-memory.dmp

Filesize
172KB

Download
memory/536-142-0x00000000045D0000-0x00000000045FB000-memory.dmp

Filesize
172KB

Download
memory/608-170-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/608-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/608-132-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/616-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/616-148-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/900-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/900-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/900-130-0x00000000050F0000-0x000000000511B000-memory.dmp

Filesize
172KB

Download
memory/960-113-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/960-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/960-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/992-149-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/992-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/996-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/996-143-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1196-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1196-118-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/1196-137-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/1308-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1308-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1324-131-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/1324-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1324-167-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/1340-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1340-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1360-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1360-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1424-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1424-141-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1568-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1568-147-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1572-134-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/1572-112-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1572-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1584-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1584-158-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1720-150-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1720-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1796-138-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1796-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1804-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1808-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1996-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1996-127-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1996-105-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1996-182-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/2076-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2164-162-0x0000000004FB0000-0x0000000004FDB000-memory.dmp

Filesize
172KB

Download
memory/2164-125-0x0000000004E70000-0x0000000004E9B000-memory.dmp

Filesize
172KB

Download
memory/2164-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2208-135-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2208-114-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/2208-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2208-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2228-123-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/2228-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2228-154-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/2228-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2320-151-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2320-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2464-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2464-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2464-173-0x00000000050D0000-0x00000000050FB000-memory.dmp

Filesize
172KB

Download
memory/2464-133-0x00000000050D0000-0x00000000050FB000-memory.dmp

Filesize
172KB

Download
memory/2584-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2604-70-0x0000000004E50000-0x0000000004E7B000-memory.dmp

Filesize
172KB

Download
memory/2604-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2604-140-0x0000000004E50000-0x0000000004E7B000-memory.dmp

Filesize
172KB

Download
memory/2604-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2604-156-0x0000000004E50000-0x0000000004E7B000-memory.dmp

Filesize
172KB

Download
memory/2648-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2660-160-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2660-129-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2660-71-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2660-90-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2660-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2856-180-0x00000000020E0000-0x000000000210B000-memory.dmp

Filesize
172KB

Download
memory/2944-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2944-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2944-171-0x0000000004FA0000-0x0000000004FCB000-memory.dmp

Filesize
172KB

Download
memory/2944-100-0x0000000004FA0000-0x0000000004FCB000-memory.dmp

Filesize
172KB

Download
memory/2944-93-0x0000000001EF0000-0x0000000001F1B000-memory.dmp

Filesize
172KB

Download
memory/2944-136-0x0000000004FA0000-0x0000000004FCB000-memory.dmp

Filesize
172KB

Download
memory/2964-146-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2964-122-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2984-179-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/3016-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3016-139-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/3476-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3512-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3556-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download