b72f3a8e6f23b84de1010b5894394169f7cbe0098107ef9491e85f72bb4c16c4

Analysis

max time kernel
22s
max time network
20s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a890237c7fb50d7f67d243df6e1bc60N.exe
Size

1.8MB
MD5

4a890237c7fb50d7f67d243df6e1bc60
SHA1

edd3c27a074c68f2a7226aab8fdfc74c9c806104
SHA256

b72f3a8e6f23b84de1010b5894394169f7cbe0098107ef9491e85f72bb4c16c4
SHA512

e8e06ac0d8ce7d963dd693d494447ce6cb497bdd0de138fe144b7916f28c2b133d7422ccd8a678ff0530c3b3fe4ff1f0af609356c3141e0f8e73f3ba2fe0a300
SSDEEP

24576:oWvJWAoUE6ZukGE6/ODVROBJS3emtTJ4Hcj4m7beEx9+fFukjjrz4Ka3Qbljp+DE:Vx7o6uC6/sROeumPucjZeukAcljORrzi

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4a890237c7fb50d7f67d243df6e1bc60N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\G:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\N:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\R:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\T:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\U:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\V:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\X:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\B:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\E:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\J:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\S:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\H:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\K:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\M:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\Y:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\Q:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\W:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\Z:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\I:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\L:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\O:	4a890237c7fb50d7f67d243df6e1bc60N.exe
File opened (read-only)	\??\P:	4a890237c7fb50d7f67d243df6e1bc60N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black handjob xxx several models castration .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian cum beast lesbian hole .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american animal bukkake voyeur cock .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\SysWOW64\IME\shared\italian handjob hardcore several models high heels .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish action hardcore sleeping .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\SysWOW64\FxsTmp\lingerie hidden .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\SysWOW64\IME\shared\trambling uncut .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\xxx full movie redhair (Anniston,Sylvia).mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx masturbation (Sylvia).rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black kicking beast [free] black hairunshaved .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast catfight glans .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish gang bang bukkake girls 40+ .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\xxx big shoes .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lingerie big ash .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\horse hidden .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking [free] cock .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\swedish kicking xxx girls hole balls .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files\Windows Journal\Templates\sperm full movie .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\japanese handjob hardcore lesbian glans .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese action lesbian several models penetration (Britney,Sarah).mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\swedish action trambling hot (!) (Janette).mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files\DVD Maker\Shared\fucking several models hole high heels .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\gay uncut granny .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\japanese handjob lingerie public .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american cum horse hidden glans bondage .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\brasilian cumshot lingerie voyeur upskirt (Kathrin,Curtney).mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\malaysia fucking sleeping traffic .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\spanish lesbian hot (!) swallow .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\action lingerie licking bondage .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\beast masturbation (Samantha).mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\mssrv.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling lesbian glans bedroom .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\PLA\Templates\bukkake hidden circumcision .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\spanish bukkake [bangbus] .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\chinese sperm masturbation .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\porn hardcore [free] hole bondage .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\fucking [bangbus] shoes (Sonja,Jade).rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\sperm full movie .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\canadian bukkake lesbian titts penetration .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\gay uncut blondie .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\tmp\swedish handjob trambling [bangbus] hole .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\danish nude sperm lesbian stockings .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\horse blowjob several models cock high heels .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\trambling [free] cock pregnant (Tatjana).rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\black handjob trambling licking feet castration .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\malaysia sperm hidden .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\blowjob hot (!) gorgeoushorny .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\swedish nude horse hot (!) swallow .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\african sperm hidden .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\sperm masturbation balls .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese kicking trambling lesbian beautyfull .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\temp\trambling licking bedroom (Gina,Curtney).avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\tyrkish horse xxx [bangbus] ejaculation .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\SoftwareDistribution\Download\lingerie [free] latex .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\bukkake big glans .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\british fucking girls swallow .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian nude bukkake [milf] .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\Downloaded Program Files\sperm big glans .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\horse [free] glans blondie (Jade).rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fucking voyeur .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\tyrkish horse sperm hidden .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\horse lingerie masturbation mature (Ashley,Liz).rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\norwegian xxx full movie .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\gang bang lesbian hidden glans beautyfull (Karin).rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\indian cumshot sperm hot (!) glans castration (Karin).mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\bukkake uncut (Curtney).rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\sperm sleeping .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\black porn lingerie big (Curtney).mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\american nude horse several models swallow .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\nude lesbian [free] hole traffic (Melissa).mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\sperm [milf] lady (Jenna,Melissa).rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish handjob xxx uncut traffic .mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\indian kicking bukkake catfight titts hotel (Samantha).rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\italian kicking hardcore public 40+ .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\black animal lingerie big feet .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish nude horse uncut feet blondie (Liz).mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black kicking beast sleeping .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\french fucking licking feet .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\kicking lingerie [bangbus] hole swallow .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\french hardcore hidden ìï .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\japanese gang bang lingerie full movie glans ejaculation .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\kicking horse [milf] sweet .zip.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american beastiality beast licking bondage .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian action beast masturbation glans shower (Sylvia).mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish cumshot horse uncut .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\gang bang blowjob several models glans .avi.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\cum trambling public (Karin).mpg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\gang bang bukkake voyeur sweet .mpeg.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\animal lingerie public upskirt .rar.exe	4a890237c7fb50d7f67d243df6e1bc60N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a890237c7fb50d7f67d243df6e1bc60N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1760	4a890237c7fb50d7f67d243df6e1bc60N.exe
2568	4a890237c7fb50d7f67d243df6e1bc60N.exe
1760	4a890237c7fb50d7f67d243df6e1bc60N.exe
2904	4a890237c7fb50d7f67d243df6e1bc60N.exe
2928	4a890237c7fb50d7f67d243df6e1bc60N.exe
2568	4a890237c7fb50d7f67d243df6e1bc60N.exe
1760	4a890237c7fb50d7f67d243df6e1bc60N.exe
1860	4a890237c7fb50d7f67d243df6e1bc60N.exe
1388	4a890237c7fb50d7f67d243df6e1bc60N.exe
2904	4a890237c7fb50d7f67d243df6e1bc60N.exe
680	4a890237c7fb50d7f67d243df6e1bc60N.exe
1652	4a890237c7fb50d7f67d243df6e1bc60N.exe
2568	4a890237c7fb50d7f67d243df6e1bc60N.exe
2928	4a890237c7fb50d7f67d243df6e1bc60N.exe
1760	4a890237c7fb50d7f67d243df6e1bc60N.exe
2844	4a890237c7fb50d7f67d243df6e1bc60N.exe
1104	4a890237c7fb50d7f67d243df6e1bc60N.exe
1860	4a890237c7fb50d7f67d243df6e1bc60N.exe
1488	4a890237c7fb50d7f67d243df6e1bc60N.exe
1388	4a890237c7fb50d7f67d243df6e1bc60N.exe
848	4a890237c7fb50d7f67d243df6e1bc60N.exe
2904	4a890237c7fb50d7f67d243df6e1bc60N.exe
532	4a890237c7fb50d7f67d243df6e1bc60N.exe
2256	4a890237c7fb50d7f67d243df6e1bc60N.exe
1712	4a890237c7fb50d7f67d243df6e1bc60N.exe
1760	4a890237c7fb50d7f67d243df6e1bc60N.exe
2568	4a890237c7fb50d7f67d243df6e1bc60N.exe
2928	4a890237c7fb50d7f67d243df6e1bc60N.exe
1652	4a890237c7fb50d7f67d243df6e1bc60N.exe
680	4a890237c7fb50d7f67d243df6e1bc60N.exe
2012	4a890237c7fb50d7f67d243df6e1bc60N.exe
1160	4a890237c7fb50d7f67d243df6e1bc60N.exe
2844	4a890237c7fb50d7f67d243df6e1bc60N.exe
1936	4a890237c7fb50d7f67d243df6e1bc60N.exe
1316	4a890237c7fb50d7f67d243df6e1bc60N.exe
1860	4a890237c7fb50d7f67d243df6e1bc60N.exe
1872	4a890237c7fb50d7f67d243df6e1bc60N.exe
1104	4a890237c7fb50d7f67d243df6e1bc60N.exe
920	4a890237c7fb50d7f67d243df6e1bc60N.exe
1388	4a890237c7fb50d7f67d243df6e1bc60N.exe
1044	4a890237c7fb50d7f67d243df6e1bc60N.exe
1488	4a890237c7fb50d7f67d243df6e1bc60N.exe
2928	4a890237c7fb50d7f67d243df6e1bc60N.exe
2928	4a890237c7fb50d7f67d243df6e1bc60N.exe
680	4a890237c7fb50d7f67d243df6e1bc60N.exe
680	4a890237c7fb50d7f67d243df6e1bc60N.exe
2904	4a890237c7fb50d7f67d243df6e1bc60N.exe
2904	4a890237c7fb50d7f67d243df6e1bc60N.exe
2256	4a890237c7fb50d7f67d243df6e1bc60N.exe
2256	4a890237c7fb50d7f67d243df6e1bc60N.exe
2956	4a890237c7fb50d7f67d243df6e1bc60N.exe
2956	4a890237c7fb50d7f67d243df6e1bc60N.exe
848	4a890237c7fb50d7f67d243df6e1bc60N.exe
848	4a890237c7fb50d7f67d243df6e1bc60N.exe
1552	4a890237c7fb50d7f67d243df6e1bc60N.exe
1552	4a890237c7fb50d7f67d243df6e1bc60N.exe
1464	4a890237c7fb50d7f67d243df6e1bc60N.exe
1464	4a890237c7fb50d7f67d243df6e1bc60N.exe
692	4a890237c7fb50d7f67d243df6e1bc60N.exe
692	4a890237c7fb50d7f67d243df6e1bc60N.exe
532	4a890237c7fb50d7f67d243df6e1bc60N.exe
532	4a890237c7fb50d7f67d243df6e1bc60N.exe
2568	4a890237c7fb50d7f67d243df6e1bc60N.exe
2568	4a890237c7fb50d7f67d243df6e1bc60N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2568	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	30
PID 1760 wrote to memory of 2568	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	30
PID 1760 wrote to memory of 2568	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	30
PID 1760 wrote to memory of 2568	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	30
PID 2568 wrote to memory of 2904	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	31
PID 2568 wrote to memory of 2904	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	31
PID 2568 wrote to memory of 2904	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	31
PID 2568 wrote to memory of 2904	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	31
PID 1760 wrote to memory of 2928	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	32
PID 1760 wrote to memory of 2928	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	32
PID 1760 wrote to memory of 2928	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	32
PID 1760 wrote to memory of 2928	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	32
PID 2904 wrote to memory of 1860	2904	4a890237c7fb50d7f67d243df6e1bc60N.exe	33
PID 2904 wrote to memory of 1860	2904	4a890237c7fb50d7f67d243df6e1bc60N.exe	33
PID 2904 wrote to memory of 1860	2904	4a890237c7fb50d7f67d243df6e1bc60N.exe	33
PID 2904 wrote to memory of 1860	2904	4a890237c7fb50d7f67d243df6e1bc60N.exe	33
PID 2568 wrote to memory of 680	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	34
PID 2568 wrote to memory of 680	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	34
PID 2568 wrote to memory of 680	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	34
PID 2568 wrote to memory of 680	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	34
PID 2928 wrote to memory of 1388	2928	4a890237c7fb50d7f67d243df6e1bc60N.exe	35
PID 2928 wrote to memory of 1388	2928	4a890237c7fb50d7f67d243df6e1bc60N.exe	35
PID 2928 wrote to memory of 1388	2928	4a890237c7fb50d7f67d243df6e1bc60N.exe	35
PID 2928 wrote to memory of 1388	2928	4a890237c7fb50d7f67d243df6e1bc60N.exe	35
PID 1760 wrote to memory of 1652	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	36
PID 1760 wrote to memory of 1652	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	36
PID 1760 wrote to memory of 1652	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	36
PID 1760 wrote to memory of 1652	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	36
PID 1860 wrote to memory of 2844	1860	4a890237c7fb50d7f67d243df6e1bc60N.exe	37
PID 1860 wrote to memory of 2844	1860	4a890237c7fb50d7f67d243df6e1bc60N.exe	37
PID 1860 wrote to memory of 2844	1860	4a890237c7fb50d7f67d243df6e1bc60N.exe	37
PID 1860 wrote to memory of 2844	1860	4a890237c7fb50d7f67d243df6e1bc60N.exe	37
PID 1388 wrote to memory of 1104	1388	4a890237c7fb50d7f67d243df6e1bc60N.exe	38
PID 1388 wrote to memory of 1104	1388	4a890237c7fb50d7f67d243df6e1bc60N.exe	38
PID 1388 wrote to memory of 1104	1388	4a890237c7fb50d7f67d243df6e1bc60N.exe	38
PID 1388 wrote to memory of 1104	1388	4a890237c7fb50d7f67d243df6e1bc60N.exe	38
PID 2904 wrote to memory of 1488	2904	4a890237c7fb50d7f67d243df6e1bc60N.exe	39
PID 2904 wrote to memory of 1488	2904	4a890237c7fb50d7f67d243df6e1bc60N.exe	39
PID 2904 wrote to memory of 1488	2904	4a890237c7fb50d7f67d243df6e1bc60N.exe	39
PID 2904 wrote to memory of 1488	2904	4a890237c7fb50d7f67d243df6e1bc60N.exe	39
PID 2568 wrote to memory of 848	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	40
PID 2568 wrote to memory of 848	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	40
PID 2568 wrote to memory of 848	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	40
PID 2568 wrote to memory of 848	2568	4a890237c7fb50d7f67d243df6e1bc60N.exe	40
PID 2928 wrote to memory of 532	2928	4a890237c7fb50d7f67d243df6e1bc60N.exe	41
PID 2928 wrote to memory of 532	2928	4a890237c7fb50d7f67d243df6e1bc60N.exe	41
PID 2928 wrote to memory of 532	2928	4a890237c7fb50d7f67d243df6e1bc60N.exe	41
PID 2928 wrote to memory of 532	2928	4a890237c7fb50d7f67d243df6e1bc60N.exe	41
PID 1652 wrote to memory of 1712	1652	4a890237c7fb50d7f67d243df6e1bc60N.exe	42
PID 1652 wrote to memory of 1712	1652	4a890237c7fb50d7f67d243df6e1bc60N.exe	42
PID 1652 wrote to memory of 1712	1652	4a890237c7fb50d7f67d243df6e1bc60N.exe	42
PID 1652 wrote to memory of 1712	1652	4a890237c7fb50d7f67d243df6e1bc60N.exe	42
PID 1760 wrote to memory of 2256	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	43
PID 1760 wrote to memory of 2256	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	43
PID 1760 wrote to memory of 2256	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	43
PID 1760 wrote to memory of 2256	1760	4a890237c7fb50d7f67d243df6e1bc60N.exe	43
PID 680 wrote to memory of 2012	680	4a890237c7fb50d7f67d243df6e1bc60N.exe	44
PID 680 wrote to memory of 2012	680	4a890237c7fb50d7f67d243df6e1bc60N.exe	44
PID 680 wrote to memory of 2012	680	4a890237c7fb50d7f67d243df6e1bc60N.exe	44
PID 680 wrote to memory of 2012	680	4a890237c7fb50d7f67d243df6e1bc60N.exe	44
PID 2844 wrote to memory of 1160	2844	4a890237c7fb50d7f67d243df6e1bc60N.exe	45
PID 2844 wrote to memory of 1160	2844	4a890237c7fb50d7f67d243df6e1bc60N.exe	45
PID 2844 wrote to memory of 1160	2844	4a890237c7fb50d7f67d243df6e1bc60N.exe	45
PID 2844 wrote to memory of 1160	2844	4a890237c7fb50d7f67d243df6e1bc60N.exe	45

C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
"C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        10⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        10⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17804
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:21200
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:23480
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:19904
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:19292
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:19316
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:19308
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:16548
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:23464
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:22760
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:20528
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:22768
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17488
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:19896
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:21208
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:23304
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:21608
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:19264
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17964
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:19276
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16476
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:21936
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:19300
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:22268
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17120
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16556
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:18016
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:12240
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17812
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17500
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17868
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:21192
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:18056
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:19416
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:21728
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:22704
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:19848
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:22752
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17468
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:18024
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:21880
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17400
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:21640
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17680
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16516
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:18000
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:22776
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:21960
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:8764
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:17444
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        9⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:18048
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:21952
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:19860
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17652
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:21044
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:19824
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:21128
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        8⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:19472
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17176
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:21928
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:16388
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:21184
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:19480
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:12148
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:21140
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:22016
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17620
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:14428
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17644
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17168
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17664
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17696
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:832
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:17288
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        7⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:19840
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:19284
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:19252
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17436
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:19244
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16172
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17972
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:23112
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:21900
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16664
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:21944
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:14436
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:8952
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:13160
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:23456
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        6⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17528
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:23324
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17224
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:956
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17104
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:10732
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:7604
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:12264
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
        5⤵
        
        PID:17796
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:11192
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:19832
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:11956
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:3740
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:21720
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:8220
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:1972
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:21600
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:6644
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:11940
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:23472
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  PID:3624
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
      "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
      4⤵
      PID:21920
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:10848
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:18032
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  PID:5588
- - C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
    3⤵
    PID:16484
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  PID:9244
- C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe
  "C:\Users\Admin\AppData\Local\Temp\4a890237c7fb50d7f67d243df6e1bc60N.exe"
  2⤵
  PID:17688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\beast catfight glans .mpg.exe

Filesize
1.4MB

MD5
868b39e3e3a84007b970c11e1221d225

SHA1
9217eb71f3e92ad015383c4e4b9c77880e20cc1c

SHA256
96fa2dd3d12704a17710f38f49dc6335a58d81893fcfde5bc3da30110ba8c7e8

SHA512
430197ce775e3f579f1fbf8b8835c387b5d1cbfa6c937629a843602561694bfc154a480eeff250f6cbede1b3407662303dbed1840563b46530c84b239b4746a9

Download Submit
memory/532-138-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/532-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/548-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/680-134-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/680-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/692-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/848-137-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/848-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/920-131-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/920-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1044-132-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/1104-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1160-161-0x00000000048E0000-0x000000000490B000-memory.dmp

Filesize
172KB

Download
memory/1160-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1160-120-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/1284-158-0x00000000046B0000-0x00000000046DB000-memory.dmp

Filesize
172KB

Download
memory/1316-127-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1352-157-0x0000000001ED0000-0x0000000001EFB000-memory.dmp

Filesize
172KB

Download
memory/1388-128-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1464-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1488-129-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/1488-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1488-174-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/1552-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1560-150-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1568-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1652-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1652-141-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1656-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1668-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1704-155-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1712-142-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1712-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1760-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1760-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1760-177-0x00000000050F0000-0x000000000511B000-memory.dmp

Filesize
172KB

Download
memory/1760-54-0x00000000050F0000-0x000000000511B000-memory.dmp

Filesize
172KB

Download
memory/1760-181-0x00000000050F0000-0x000000000511B000-memory.dmp

Filesize
172KB

Download
memory/1860-124-0x0000000004E50000-0x0000000004E7B000-memory.dmp

Filesize
172KB

Download
memory/1860-100-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1860-165-0x0000000004E50000-0x0000000004E7B000-memory.dmp

Filesize
172KB

Download
memory/1860-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1872-126-0x0000000001E80000-0x0000000001EAB000-memory.dmp

Filesize
172KB

Download
memory/1872-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1872-176-0x0000000004520000-0x000000000454B000-memory.dmp

Filesize
172KB

Download
memory/1936-123-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1936-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1936-173-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1968-159-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1968-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2012-118-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/2012-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2012-156-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/2052-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2256-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2296-168-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2296-122-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2344-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2568-96-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/2568-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2568-179-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2568-86-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2568-139-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/2568-55-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2584-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2672-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2764-163-0x00000000046A0000-0x00000000046CB000-memory.dmp

Filesize
172KB

Download
memory/2772-125-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2772-169-0x0000000004690000-0x00000000046BB000-memory.dmp

Filesize
172KB

Download
memory/2844-164-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2844-109-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2844-121-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2844-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2864-144-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2904-87-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2904-135-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2904-183-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/2904-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2904-94-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/2924-160-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2928-133-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2928-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2928-88-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2928-97-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/2956-147-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2956-114-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3080-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3092-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3144-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3160-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3600-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3636-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3652-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3660-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3700-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3708-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download