5b16479a9db37b040e22d65551aa3c2d057e347c012d652460196e380483c687

Analysis

max time kernel
38s
max time network
114s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c972714802cdfd78fe47189077a0ca70N.exe
Size

1.1MB
MD5

c972714802cdfd78fe47189077a0ca70
SHA1

6e9d7561e8a4f16a6ab9cc296ac6c2254d31696f
SHA256

5b16479a9db37b040e22d65551aa3c2d057e347c012d652460196e380483c687
SHA512

02b28b69e7309e9a8980d9644c32ba4099834edc0892e655cd35beaf37eddcf84706c61448bdfe6cb438cf092f537c9a81249c6ee1047e1848560424f982b3d3
SSDEEP

24576:oWIbUCI9YqzNv0PwnLRJXOKfoN6qn7jebBKGi4k7w:VI4VMP2Fg2cXCBIw

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	c972714802cdfd78fe47189077a0ca70N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\T:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\Z:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\A:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\B:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\H:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\J:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\Q:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\L:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\P:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\X:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\G:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\K:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\O:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\S:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\U:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\W:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\Y:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\E:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\I:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\M:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\N:	c972714802cdfd78fe47189077a0ca70N.exe
File opened (read-only)	\??\V:	c972714802cdfd78fe47189077a0ca70N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast sleeping femdom .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish cum trambling girls upskirt (Britney,Jade).rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian cumshot horse hidden \× (Jenna,Sylvia).avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\System32\DriverStore\Temp\handjob lesbian voyeur (Liz).rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\SysWOW64\FxsTmp\british horse voyeur (Liz).zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fucking masturbation mature .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\SysWOW64\IME\shared\japanese cum blowjob full movie wifey (Sonja,Karin).mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay public high heels .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\SysWOW64\IME\shared\indian horse blowjob big feet .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish handjob gay hot (!) castration .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\fucking hidden titts .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Google\Temp\lesbian public high heels .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Google\Update\Download\horse girls 50+ .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\swedish cum horse voyeur feet bondage .avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian beastiality lingerie girls hole mature (Jade).avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian cum sperm voyeur leather (Gina,Sarah).zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files\Windows Journal\Templates\lesbian [milf] feet (Britney,Tatjana).zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\black fetish bukkake full movie titts ash .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\russian horse gay licking glans mistress (Janette).rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\blowjob public (Liz).avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files\DVD Maker\Shared\xxx licking shower (Kathrin,Karin).rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\xxx [free] ejaculation .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish gang bang lesbian uncut titts .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian beastiality blowjob lesbian titts balls .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american cumshot blowjob sleeping feet femdom .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\german trambling [free] young .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\hardcore [bangbus] hole YEâPSè& .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\Downloaded Program Files\hardcore [milf] sm .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast licking glans .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\japanese beastiality beast lesbian YEâPSè& .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\InstallTemp\french trambling [bangbus] upskirt .avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\fetish sperm big hole .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\british xxx [milf] .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\german hardcore licking .avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\asian hardcore uncut .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\trambling several models hole .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\japanese cumshot trambling big glans ejaculation (Tatjana).avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\beast catfight 50+ .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\indian cum beast [bangbus] cock .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\fetish sperm hidden blondie .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\american handjob trambling [bangbus] .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\italian beastiality gay voyeur 50+ .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\fucking lesbian (Melissa).mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\nude trambling catfight .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\french lesbian masturbation feet .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\african trambling licking titts .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\porn lesbian hot (!) .avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\nude hardcore licking .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\canadian bukkake girls .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\porn sperm [bangbus] hole ìï .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\spanish sperm sleeping .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fucking full movie .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\asian blowjob lesbian penetration .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\black cum xxx masturbation cock bedroom .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\porn trambling lesbian titts .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\xxx public (Janette).mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\security\templates\horse big feet castration (Liz).zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\swedish animal trambling full movie mature .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\british lesbian voyeur .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\cum beast masturbation (Tatjana).mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\malaysia hardcore full movie shower .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\fetish blowjob [bangbus] feet (Sandy,Samantha).rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\hardcore full movie .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\swedish handjob trambling sleeping cock high heels .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\chinese beast [bangbus] .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\gay hot (!) glans gorgeoushorny .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\german hardcore licking (Tatjana).zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\norwegian trambling voyeur young .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\british lesbian voyeur sm .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\asian lesbian catfight hole .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish beastiality fucking big hole bondage .avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx catfight 40+ .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\xxx [bangbus] glans ìï (Sarah).mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\beastiality lingerie catfight glans .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\kicking fucking big .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\american nude blowjob girls .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\norwegian lesbian big titts mature .avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\sperm catfight cock .avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\trambling full movie glans latex .zip.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\chinese lesbian licking .avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\japanese porn trambling masturbation titts swallow (Karin).avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\italian kicking xxx public .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\lesbian licking .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\nude horse uncut glans bedroom .mpg.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\porn hardcore full movie hairy .avi.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\brasilian animal sperm hot (!) .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\japanese porn fucking full movie shoes .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\PLA\Templates\american handjob horse girls hole ejaculation .rar.exe	c972714802cdfd78fe47189077a0ca70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\malaysia bukkake lesbian glans shower .mpeg.exe	c972714802cdfd78fe47189077a0ca70N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c972714802cdfd78fe47189077a0ca70N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2052	c972714802cdfd78fe47189077a0ca70N.exe
2648	c972714802cdfd78fe47189077a0ca70N.exe
2052	c972714802cdfd78fe47189077a0ca70N.exe
2868	c972714802cdfd78fe47189077a0ca70N.exe
2648	c972714802cdfd78fe47189077a0ca70N.exe
556	c972714802cdfd78fe47189077a0ca70N.exe
2052	c972714802cdfd78fe47189077a0ca70N.exe
336	c972714802cdfd78fe47189077a0ca70N.exe
1020	c972714802cdfd78fe47189077a0ca70N.exe
2144	c972714802cdfd78fe47189077a0ca70N.exe
2868	c972714802cdfd78fe47189077a0ca70N.exe
2648	c972714802cdfd78fe47189077a0ca70N.exe
584	c972714802cdfd78fe47189077a0ca70N.exe
556	c972714802cdfd78fe47189077a0ca70N.exe
2052	c972714802cdfd78fe47189077a0ca70N.exe
1724	c972714802cdfd78fe47189077a0ca70N.exe
1060	c972714802cdfd78fe47189077a0ca70N.exe
1916	c972714802cdfd78fe47189077a0ca70N.exe
1900	c972714802cdfd78fe47189077a0ca70N.exe
1020	c972714802cdfd78fe47189077a0ca70N.exe
1932	c972714802cdfd78fe47189077a0ca70N.exe
336	c972714802cdfd78fe47189077a0ca70N.exe
2668	c972714802cdfd78fe47189077a0ca70N.exe
2648	c972714802cdfd78fe47189077a0ca70N.exe
2428	c972714802cdfd78fe47189077a0ca70N.exe
556	c972714802cdfd78fe47189077a0ca70N.exe
1064	c972714802cdfd78fe47189077a0ca70N.exe
2144	c972714802cdfd78fe47189077a0ca70N.exe
2868	c972714802cdfd78fe47189077a0ca70N.exe
584	c972714802cdfd78fe47189077a0ca70N.exe
2052	c972714802cdfd78fe47189077a0ca70N.exe
1716	c972714802cdfd78fe47189077a0ca70N.exe
2580	c972714802cdfd78fe47189077a0ca70N.exe
1060	c972714802cdfd78fe47189077a0ca70N.exe
1020	c972714802cdfd78fe47189077a0ca70N.exe
2560	c972714802cdfd78fe47189077a0ca70N.exe
1724	c972714802cdfd78fe47189077a0ca70N.exe
2948	c972714802cdfd78fe47189077a0ca70N.exe
2648	c972714802cdfd78fe47189077a0ca70N.exe
1916	c972714802cdfd78fe47189077a0ca70N.exe
1916	c972714802cdfd78fe47189077a0ca70N.exe
2668	c972714802cdfd78fe47189077a0ca70N.exe
2668	c972714802cdfd78fe47189077a0ca70N.exe
336	c972714802cdfd78fe47189077a0ca70N.exe
336	c972714802cdfd78fe47189077a0ca70N.exe
3060	c972714802cdfd78fe47189077a0ca70N.exe
3060	c972714802cdfd78fe47189077a0ca70N.exe
1584	c972714802cdfd78fe47189077a0ca70N.exe
1584	c972714802cdfd78fe47189077a0ca70N.exe
660	c972714802cdfd78fe47189077a0ca70N.exe
660	c972714802cdfd78fe47189077a0ca70N.exe
1308	c972714802cdfd78fe47189077a0ca70N.exe
1308	c972714802cdfd78fe47189077a0ca70N.exe
1480	c972714802cdfd78fe47189077a0ca70N.exe
1480	c972714802cdfd78fe47189077a0ca70N.exe
1656	c972714802cdfd78fe47189077a0ca70N.exe
1656	c972714802cdfd78fe47189077a0ca70N.exe
2164	c972714802cdfd78fe47189077a0ca70N.exe
2164	c972714802cdfd78fe47189077a0ca70N.exe
2272	c972714802cdfd78fe47189077a0ca70N.exe
2272	c972714802cdfd78fe47189077a0ca70N.exe
2224	c972714802cdfd78fe47189077a0ca70N.exe
2224	c972714802cdfd78fe47189077a0ca70N.exe
1932	c972714802cdfd78fe47189077a0ca70N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2648	2052	c972714802cdfd78fe47189077a0ca70N.exe	30
PID 2052 wrote to memory of 2648	2052	c972714802cdfd78fe47189077a0ca70N.exe	30
PID 2052 wrote to memory of 2648	2052	c972714802cdfd78fe47189077a0ca70N.exe	30
PID 2052 wrote to memory of 2648	2052	c972714802cdfd78fe47189077a0ca70N.exe	30
PID 2648 wrote to memory of 2868	2648	c972714802cdfd78fe47189077a0ca70N.exe	31
PID 2648 wrote to memory of 2868	2648	c972714802cdfd78fe47189077a0ca70N.exe	31
PID 2648 wrote to memory of 2868	2648	c972714802cdfd78fe47189077a0ca70N.exe	31
PID 2648 wrote to memory of 2868	2648	c972714802cdfd78fe47189077a0ca70N.exe	31
PID 2052 wrote to memory of 556	2052	c972714802cdfd78fe47189077a0ca70N.exe	32
PID 2052 wrote to memory of 556	2052	c972714802cdfd78fe47189077a0ca70N.exe	32
PID 2052 wrote to memory of 556	2052	c972714802cdfd78fe47189077a0ca70N.exe	32
PID 2052 wrote to memory of 556	2052	c972714802cdfd78fe47189077a0ca70N.exe	32
PID 2868 wrote to memory of 336	2868	c972714802cdfd78fe47189077a0ca70N.exe	33
PID 2868 wrote to memory of 336	2868	c972714802cdfd78fe47189077a0ca70N.exe	33
PID 2868 wrote to memory of 336	2868	c972714802cdfd78fe47189077a0ca70N.exe	33
PID 2868 wrote to memory of 336	2868	c972714802cdfd78fe47189077a0ca70N.exe	33
PID 2648 wrote to memory of 1020	2648	c972714802cdfd78fe47189077a0ca70N.exe	34
PID 2648 wrote to memory of 1020	2648	c972714802cdfd78fe47189077a0ca70N.exe	34
PID 2648 wrote to memory of 1020	2648	c972714802cdfd78fe47189077a0ca70N.exe	34
PID 2648 wrote to memory of 1020	2648	c972714802cdfd78fe47189077a0ca70N.exe	34
PID 556 wrote to memory of 2144	556	c972714802cdfd78fe47189077a0ca70N.exe	35
PID 556 wrote to memory of 2144	556	c972714802cdfd78fe47189077a0ca70N.exe	35
PID 556 wrote to memory of 2144	556	c972714802cdfd78fe47189077a0ca70N.exe	35
PID 556 wrote to memory of 2144	556	c972714802cdfd78fe47189077a0ca70N.exe	35
PID 2052 wrote to memory of 584	2052	c972714802cdfd78fe47189077a0ca70N.exe	36
PID 2052 wrote to memory of 584	2052	c972714802cdfd78fe47189077a0ca70N.exe	36
PID 2052 wrote to memory of 584	2052	c972714802cdfd78fe47189077a0ca70N.exe	36
PID 2052 wrote to memory of 584	2052	c972714802cdfd78fe47189077a0ca70N.exe	36
PID 336 wrote to memory of 1724	336	c972714802cdfd78fe47189077a0ca70N.exe	37
PID 336 wrote to memory of 1724	336	c972714802cdfd78fe47189077a0ca70N.exe	37
PID 336 wrote to memory of 1724	336	c972714802cdfd78fe47189077a0ca70N.exe	37
PID 336 wrote to memory of 1724	336	c972714802cdfd78fe47189077a0ca70N.exe	37
PID 1020 wrote to memory of 1060	1020	c972714802cdfd78fe47189077a0ca70N.exe	38
PID 1020 wrote to memory of 1060	1020	c972714802cdfd78fe47189077a0ca70N.exe	38
PID 1020 wrote to memory of 1060	1020	c972714802cdfd78fe47189077a0ca70N.exe	38
PID 1020 wrote to memory of 1060	1020	c972714802cdfd78fe47189077a0ca70N.exe	38
PID 2144 wrote to memory of 1900	2144	c972714802cdfd78fe47189077a0ca70N.exe	39
PID 2144 wrote to memory of 1900	2144	c972714802cdfd78fe47189077a0ca70N.exe	39
PID 2144 wrote to memory of 1900	2144	c972714802cdfd78fe47189077a0ca70N.exe	39
PID 2144 wrote to memory of 1900	2144	c972714802cdfd78fe47189077a0ca70N.exe	39
PID 2868 wrote to memory of 1916	2868	c972714802cdfd78fe47189077a0ca70N.exe	40
PID 2868 wrote to memory of 1916	2868	c972714802cdfd78fe47189077a0ca70N.exe	40
PID 2868 wrote to memory of 1916	2868	c972714802cdfd78fe47189077a0ca70N.exe	40
PID 2868 wrote to memory of 1916	2868	c972714802cdfd78fe47189077a0ca70N.exe	40
PID 2648 wrote to memory of 1932	2648	c972714802cdfd78fe47189077a0ca70N.exe	41
PID 2648 wrote to memory of 1932	2648	c972714802cdfd78fe47189077a0ca70N.exe	41
PID 2648 wrote to memory of 1932	2648	c972714802cdfd78fe47189077a0ca70N.exe	41
PID 2648 wrote to memory of 1932	2648	c972714802cdfd78fe47189077a0ca70N.exe	41
PID 556 wrote to memory of 2668	556	c972714802cdfd78fe47189077a0ca70N.exe	42
PID 556 wrote to memory of 2668	556	c972714802cdfd78fe47189077a0ca70N.exe	42
PID 556 wrote to memory of 2668	556	c972714802cdfd78fe47189077a0ca70N.exe	42
PID 556 wrote to memory of 2668	556	c972714802cdfd78fe47189077a0ca70N.exe	42
PID 584 wrote to memory of 1064	584	c972714802cdfd78fe47189077a0ca70N.exe	43
PID 584 wrote to memory of 1064	584	c972714802cdfd78fe47189077a0ca70N.exe	43
PID 584 wrote to memory of 1064	584	c972714802cdfd78fe47189077a0ca70N.exe	43
PID 584 wrote to memory of 1064	584	c972714802cdfd78fe47189077a0ca70N.exe	43
PID 2052 wrote to memory of 2428	2052	c972714802cdfd78fe47189077a0ca70N.exe	44
PID 2052 wrote to memory of 2428	2052	c972714802cdfd78fe47189077a0ca70N.exe	44
PID 2052 wrote to memory of 2428	2052	c972714802cdfd78fe47189077a0ca70N.exe	44
PID 2052 wrote to memory of 2428	2052	c972714802cdfd78fe47189077a0ca70N.exe	44
PID 1060 wrote to memory of 1716	1060	c972714802cdfd78fe47189077a0ca70N.exe	45
PID 1060 wrote to memory of 1716	1060	c972714802cdfd78fe47189077a0ca70N.exe	45
PID 1060 wrote to memory of 1716	1060	c972714802cdfd78fe47189077a0ca70N.exe	45
PID 1060 wrote to memory of 1716	1060	c972714802cdfd78fe47189077a0ca70N.exe	45

C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
"C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
  "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        10⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        10⤵
        
        PID:19272
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        9⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        10⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        10⤵
        
        PID:23296
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        9⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        9⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        9⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:22968
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        9⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        9⤵
        
        PID:19280
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:21188
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:21324
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:23304
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:21260
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:22640
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:18816
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:22788
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:19224
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:22592
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:22944
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:19256
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:23352
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:23056
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:22812
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:19200
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:22600
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:21332
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:22664
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:21528
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:19192
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21056
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21428
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:19216
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:19248
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:21236
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:18856
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:18992
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:18544
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21220
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:22728
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:22984
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21388
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:22960
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:13980
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:23320
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21292
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:22624
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:21244
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:21612
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:10880
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        9⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        9⤵
        
        PID:23604
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:21180
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:23368
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:21276
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:22616
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:23040
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:18528
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:20952
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:19348
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:23328
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:21412
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:23612
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:19208
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21204
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:21268
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:22696
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:22856
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21580
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21628
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21396
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:22672
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21252
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21420
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:23360
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:13972
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:19000
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:19304
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:19176
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:12664
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:23384
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:22552
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:22544
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:18968
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21572
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22712
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:21300
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:20960
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:9480
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:2588
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21164
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:23588
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:21588
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:19932
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:21620
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:21212
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:13940
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:21556
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:18796
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:22804
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:7968
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:13964
- C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
  "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:556
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:22576
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:19288
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:21600
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:23580
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21316
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        8⤵
        
        PID:24144
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:23596
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21172
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:18704
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:19240
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:19184
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22584
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:340
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:18836
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22920
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:22820
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:660
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:19232
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:23288
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:22656
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:18656
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:21436
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:22688
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:22568
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:20504
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:20308
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22680
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:21196
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21404
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:19164
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:23344
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:18864
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22936
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:18900
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:19048
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:23392
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:18908
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:21228
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22976
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:18976
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:13948
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:10196
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:20512
- C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
  "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:584
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:21308
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:18808
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21476
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22648
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:19264
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22928
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:22864
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:18536
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:10824
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22720
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:10840
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:20652
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22560
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:9708
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22952
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:13232
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:6808
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:10964
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:23312
- C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
  "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        7⤵
        
        PID:23024
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        6⤵
        
        PID:21516
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22536
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:22632
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:21508
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:10832
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:18520
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:23048
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:21284
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:21564
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:23280
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:10956
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:22832
- C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
  "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
        5⤵
        
        PID:18848
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:23336
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:22608
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:21484
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:10940
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:22736
- C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
  "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
  2⤵
  PID:3096
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:19296
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:6988
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:9520
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:19312
- C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
  "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
  2⤵
  PID:4700
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
      "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
      4⤵
      PID:22796
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:13248
- - C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
    3⤵
    PID:23376
- C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
  "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
  2⤵
  PID:6860
- C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe
  "C:\Users\Admin\AppData\Local\Temp\c972714802cdfd78fe47189077a0ca70N.exe"
  2⤵
  PID:10856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\xxx [free] ejaculation .mpeg.exe

Filesize
790KB

MD5
9f5d2ee9ae607c635f5b9932b58b7e7f

SHA1
90643be24e998dce73cad3bca7f9f5fa77f2c81f

SHA256
af07f80e9c59381b98f18faacf78d2fdfd7d48b199288d095fa28d4045ee8dd7

SHA512
714a1ddd4031e70c5fbd455eb6404668cbc6af91a99e61ae35b3857ec37e7ba6937a3bbf2a74ecea6bf5b6776d17d49b8202c3acf62f0b65e7b84393a98934a8

Download Submit
C:\debug.txt

Filesize
183B

MD5
8b5d3a78216d3b2cab07ed5ae41b3d1a

SHA1
b115591deb0b239aa586e91def9cd9775be0715e

SHA256
b8f18f3857d4a78461b7c7abffe858301ce61e4ff65856f972805199fddb3688

SHA512
1b9e51277822a042544567564a1e67b53d92c326619fd70ec8b9d8fbc4163998670d726ea74bcd9fa4bc38643a5588be948eef9c1500bb13ee7ba5cf1905f2b8

Download Submit
memory/336-97-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/336-174-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/336-189-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/336-134-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/336-112-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/336-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/556-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/584-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/584-151-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/660-137-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/660-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/660-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1020-187-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1020-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1020-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1020-109-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1060-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1060-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1060-184-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/1060-124-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1060-105-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/1064-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1064-156-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/1064-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1252-122-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1308-138-0x0000000004440000-0x000000000446B000-memory.dmp

Filesize
172KB

Download
memory/1480-139-0x00000000048F0000-0x000000000491B000-memory.dmp

Filesize
172KB

Download
memory/1520-163-0x0000000004690000-0x00000000046BB000-memory.dmp

Filesize
172KB

Download
memory/1520-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1584-136-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/1656-142-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/1716-171-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1716-121-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1716-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1716-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-106-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1724-127-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1724-185-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1724-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1900-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1900-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1900-141-0x0000000004600000-0x000000000462B000-memory.dmp

Filesize
172KB

Download
memory/1916-113-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1916-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1916-132-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1916-186-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1932-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1932-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1932-140-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1992-125-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2040-161-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/2052-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2052-79-0x0000000004BB0000-0x0000000004BDB000-memory.dmp

Filesize
172KB

Download
memory/2052-154-0x0000000004FA0000-0x0000000004FCB000-memory.dmp

Filesize
172KB

Download
memory/2052-516-0x0000000074AE0000-0x0000000074AE3000-memory.dmp

Filesize
12KB

Download
memory/2052-521-0x0000000074A50000-0x0000000074A58000-memory.dmp

Filesize
32KB

Download
memory/2052-167-0x0000000004BC0000-0x0000000004BEB000-memory.dmp

Filesize
172KB

Download
memory/2052-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2144-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2144-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2144-152-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2164-159-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2224-158-0x0000000004480000-0x00000000044AB000-memory.dmp

Filesize
172KB

Download
memory/2228-162-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/2228-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2272-157-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2428-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2428-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2428-155-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2512-133-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2560-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2560-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2580-120-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2580-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2648-129-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2648-80-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2648-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2648-111-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2648-93-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2648-89-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2668-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2668-114-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2668-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2668-190-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2704-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2740-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2852-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2868-169-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2868-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2868-91-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2868-153-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/2868-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2948-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2948-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2980-160-0x0000000002070000-0x000000000209B000-memory.dmp

Filesize
172KB

Download
memory/3000-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3060-135-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download