ee1df8e6168ac9f70e5d236e088e6d0acb713b08a5a4c554da076a97d3d633e3

Analysis

max time kernel
34s
max time network
117s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91ba5d921ec4bc4bedd386d548b2aee0N.exe
Size

1.6MB
MD5

91ba5d921ec4bc4bedd386d548b2aee0
SHA1

883743c54ea1a2c48cc3c39ee7c78841c4f366dc
SHA256

ee1df8e6168ac9f70e5d236e088e6d0acb713b08a5a4c554da076a97d3d633e3
SHA512

334c286057aaedeb5e651f23d91cc00e68f96b0e9967a34dc34bc509357afb718f9cfc6aa80b7b888c9b18bba91ff2d319590440654ec0908fc759225dfb074f
SSDEEP

49152:VVaZ9HxfSWrcvIX7y3V2C3ZgKPnnMckCGpfL2:k9SWMIsVTPnMcNJ

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	91ba5d921ec4bc4bedd386d548b2aee0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\M:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\R:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\T:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\V:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\Z:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\E:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\H:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\X:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\K:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\N:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\J:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\S:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\U:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\Y:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\A:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\G:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\O:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\P:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\Q:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\W:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\B:	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File opened (read-only)	\??\I:	91ba5d921ec4bc4bedd386d548b2aee0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\swedish gang bang sleeping boots .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse licking (Janette,Liz).rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\british beastiality lesbian .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese trambling public (Sarah).zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake voyeur .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian action trambling several models .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\SysWOW64\IME\shared\beast gang bang uncut hotel (Tatjana,Sarah).mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse cum catfight ash .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\System32\DriverStore\Temp\nude bukkake hidden 40+ .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gang bang gay catfight hairy .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\fetish girls castration .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\british gay [bangbus] vagina bondage (Jade,Karin).zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\indian fetish catfight legs fishy (Sonja,Ashley).zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files\DVD Maker\Shared\swedish fetish handjob masturbation boobs black hairunshaved .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\asian fucking lingerie catfight glans leather .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gay horse sleeping .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\handjob horse girls girly .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files\Windows Journal\Templates\malaysia beastiality fucking big nipples pregnant .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\asian trambling trambling voyeur mistress (Liz).zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\french gay [bangbus] .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\norwegian gang bang [free] ash .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\brasilian blowjob porn licking (Kathrin).avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fetish several models .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian blowjob lingerie [free] (Sylvia,Ashley).rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\brasilian fucking gay lesbian hole .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\french cum lingerie [free] hairy (Sonja,Ashley).rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\tyrkish blowjob masturbation leather (Kathrin,Sandy).avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\horse voyeur castration .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\cumshot trambling several models ash .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\chinese horse gang bang sleeping ash hairy .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\tyrkish cum public glans .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\german gang bang sleeping glans .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\nude fucking public cock pregnant .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\japanese cumshot gang bang voyeur titts .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\american animal several models legs ejaculation .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\cumshot kicking uncut vagina .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\fucking [milf] nipples bondage (Karin,Ashley).zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\danish blowjob licking .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\american kicking public bedroom .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fucking blowjob full movie glans sweet .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\swedish handjob voyeur .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\cumshot big vagina ìï (Ashley,Janette).mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian lingerie beastiality hidden nipples gorgeoushorny .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\horse kicking catfight young .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\norwegian lesbian lesbian [free] shower .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\InstallTemp\chinese action sperm catfight shoes .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\fetish sleeping titts blondie (Janette).mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\porn [milf] hotel (Sonja).mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\black bukkake [milf] .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\italian trambling sperm [free] femdom .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\hardcore masturbation lady .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\norwegian horse fucking full movie feet (Samantha,Ashley).mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\asian cumshot lesbian redhair .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\chinese lingerie public ash .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\malaysia lingerie horse hidden fishy .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\russian action hardcore hot (!) ash ash .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\gay sperm catfight (Tatjana,Sandy).zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black gang bang hot (!) ash .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\lingerie porn [bangbus] hotel .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\Temp\nude licking young .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\tyrkish kicking girls ash lady .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\canadian lingerie licking lady .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\tmp\malaysia bukkake full movie titts (Karin).avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\fetish beast hot (!) .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\beast girls glans femdom (Gina).mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish fetish [milf] boobs .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\japanese animal several models .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\norwegian xxx fucking [milf] hole mistress .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\french horse horse [free] mistress .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\porn masturbation .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\danish hardcore girls .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian fetish beastiality uncut .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\indian bukkake masturbation 50+ .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\porn trambling girls .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish gang bang xxx hidden feet .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\cumshot hidden (Sarah,Melissa).avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\russian sperm beast sleeping bedroom .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\nude masturbation wifey .rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\italian nude xxx sleeping wifey (Jenna,Jenna).mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\japanese sperm cum big titts femdom (Britney).zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gay gang bang licking legs latex .mpeg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\lingerie sperm girls latex (Jenna).mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\porn horse full movie pregnant (Janette,Samantha).rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\german blowjob gay full movie pregnant .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\malaysia fucking beast sleeping .mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\assembly\temp\horse bukkake hidden sm .zip.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cumshot cum hidden legs beautyfull (Sonja,Britney).rar.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\german handjob uncut boobs latex .avi.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\trambling uncut ash (Sylvia).mpg.exe	91ba5d921ec4bc4bedd386d548b2aee0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91ba5d921ec4bc4bedd386d548b2aee0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1532	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1672	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2856	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2940	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1628	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1532	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1676	91ba5d921ec4bc4bedd386d548b2aee0N.exe
3056	91ba5d921ec4bc4bedd386d548b2aee0N.exe
752	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2208	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1672	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2856	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2176	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2252	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2016	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2940	91ba5d921ec4bc4bedd386d548b2aee0N.exe
868	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1628	91ba5d921ec4bc4bedd386d548b2aee0N.exe
996	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2576	91ba5d921ec4bc4bedd386d548b2aee0N.exe
3000	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1532	91ba5d921ec4bc4bedd386d548b2aee0N.exe
932	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1676	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1676	91ba5d921ec4bc4bedd386d548b2aee0N.exe
3056	91ba5d921ec4bc4bedd386d548b2aee0N.exe
3056	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1860	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1860	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1384	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1384	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1120	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1120	91ba5d921ec4bc4bedd386d548b2aee0N.exe
296	91ba5d921ec4bc4bedd386d548b2aee0N.exe
296	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe
600	91ba5d921ec4bc4bedd386d548b2aee0N.exe
600	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1672	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1672	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2856	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2856	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2208	91ba5d921ec4bc4bedd386d548b2aee0N.exe
2208	91ba5d921ec4bc4bedd386d548b2aee0N.exe
752	91ba5d921ec4bc4bedd386d548b2aee0N.exe
752	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1668	91ba5d921ec4bc4bedd386d548b2aee0N.exe
1668	91ba5d921ec4bc4bedd386d548b2aee0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2888	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	31
PID 2084 wrote to memory of 2888	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	31
PID 2084 wrote to memory of 2888	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	31
PID 2084 wrote to memory of 2888	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	31
PID 2888 wrote to memory of 2212	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	32
PID 2888 wrote to memory of 2212	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	32
PID 2888 wrote to memory of 2212	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	32
PID 2888 wrote to memory of 2212	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	32
PID 2084 wrote to memory of 2064	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	33
PID 2084 wrote to memory of 2064	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	33
PID 2084 wrote to memory of 2064	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	33
PID 2084 wrote to memory of 2064	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	33
PID 2212 wrote to memory of 1532	2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe	34
PID 2212 wrote to memory of 1532	2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe	34
PID 2212 wrote to memory of 1532	2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe	34
PID 2212 wrote to memory of 1532	2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe	34
PID 2064 wrote to memory of 1672	2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe	35
PID 2064 wrote to memory of 1672	2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe	35
PID 2064 wrote to memory of 1672	2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe	35
PID 2064 wrote to memory of 1672	2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe	35
PID 2888 wrote to memory of 2856	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	36
PID 2888 wrote to memory of 2856	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	36
PID 2888 wrote to memory of 2856	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	36
PID 2888 wrote to memory of 2856	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	36
PID 2084 wrote to memory of 2940	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	37
PID 2084 wrote to memory of 2940	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	37
PID 2084 wrote to memory of 2940	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	37
PID 2084 wrote to memory of 2940	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	37
PID 1532 wrote to memory of 1628	1532	91ba5d921ec4bc4bedd386d548b2aee0N.exe	38
PID 1532 wrote to memory of 1628	1532	91ba5d921ec4bc4bedd386d548b2aee0N.exe	38
PID 1532 wrote to memory of 1628	1532	91ba5d921ec4bc4bedd386d548b2aee0N.exe	38
PID 1532 wrote to memory of 1628	1532	91ba5d921ec4bc4bedd386d548b2aee0N.exe	38
PID 2212 wrote to memory of 1676	2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe	39
PID 2212 wrote to memory of 1676	2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe	39
PID 2212 wrote to memory of 1676	2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe	39
PID 2212 wrote to memory of 1676	2212	91ba5d921ec4bc4bedd386d548b2aee0N.exe	39
PID 1672 wrote to memory of 3056	1672	91ba5d921ec4bc4bedd386d548b2aee0N.exe	40
PID 1672 wrote to memory of 3056	1672	91ba5d921ec4bc4bedd386d548b2aee0N.exe	40
PID 1672 wrote to memory of 3056	1672	91ba5d921ec4bc4bedd386d548b2aee0N.exe	40
PID 1672 wrote to memory of 3056	1672	91ba5d921ec4bc4bedd386d548b2aee0N.exe	40
PID 2856 wrote to memory of 752	2856	91ba5d921ec4bc4bedd386d548b2aee0N.exe	41
PID 2856 wrote to memory of 752	2856	91ba5d921ec4bc4bedd386d548b2aee0N.exe	41
PID 2856 wrote to memory of 752	2856	91ba5d921ec4bc4bedd386d548b2aee0N.exe	41
PID 2856 wrote to memory of 752	2856	91ba5d921ec4bc4bedd386d548b2aee0N.exe	41
PID 2064 wrote to memory of 2208	2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe	42
PID 2064 wrote to memory of 2208	2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe	42
PID 2064 wrote to memory of 2208	2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe	42
PID 2064 wrote to memory of 2208	2064	91ba5d921ec4bc4bedd386d548b2aee0N.exe	42
PID 2888 wrote to memory of 2176	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	43
PID 2888 wrote to memory of 2176	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	43
PID 2888 wrote to memory of 2176	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	43
PID 2888 wrote to memory of 2176	2888	91ba5d921ec4bc4bedd386d548b2aee0N.exe	43
PID 2940 wrote to memory of 2252	2940	91ba5d921ec4bc4bedd386d548b2aee0N.exe	44
PID 2940 wrote to memory of 2252	2940	91ba5d921ec4bc4bedd386d548b2aee0N.exe	44
PID 2940 wrote to memory of 2252	2940	91ba5d921ec4bc4bedd386d548b2aee0N.exe	44
PID 2940 wrote to memory of 2252	2940	91ba5d921ec4bc4bedd386d548b2aee0N.exe	44
PID 2084 wrote to memory of 2016	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	45
PID 2084 wrote to memory of 2016	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	45
PID 2084 wrote to memory of 2016	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	45
PID 2084 wrote to memory of 2016	2084	91ba5d921ec4bc4bedd386d548b2aee0N.exe	45
PID 1628 wrote to memory of 868	1628	91ba5d921ec4bc4bedd386d548b2aee0N.exe	46
PID 1628 wrote to memory of 868	1628	91ba5d921ec4bc4bedd386d548b2aee0N.exe	46
PID 1628 wrote to memory of 868	1628	91ba5d921ec4bc4bedd386d548b2aee0N.exe	46
PID 1628 wrote to memory of 868	1628	91ba5d921ec4bc4bedd386d548b2aee0N.exe	46

C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
"C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        10⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        10⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        10⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        10⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:21936
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:21960
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:22064
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:19268
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:20068
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:19092
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:22868
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:19924
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:22632
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:19988
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:19948
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:22592
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:17040
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:22056
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19956
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:22856
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:20020
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:23260
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19892
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:18120
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:19976
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:22848
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:21984
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:22104
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:20036
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:21928
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:18624
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:18616
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19116
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19212
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19124
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22088
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:23380
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:20084
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:19024
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:15416
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:22840
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:19768
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:19236
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:19756
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:22072
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19160
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:20012
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:296
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:16548
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19776
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19652
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19932
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:22576
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:19192
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:17596
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:22648
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19996
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:19940
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22112
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:18592
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:760
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:21920
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22892
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22120
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:18980
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:20060
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:22096
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:6736
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:10112
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:14948
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:22008
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        9⤵
        
        PID:20092
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:22696
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        8⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:22640
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:21952
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:22584
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:20076
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:23396
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19824
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:23388
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:22832
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19204
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22824
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22600
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:8844
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:22816
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:22688
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13872
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:20052
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:19104
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:600
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:18604
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:9380
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:156
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:19168
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:20004
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:6512
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:9616
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:17088
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:292
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        7⤵
        
        PID:19144
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:22884
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:13444
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:21976
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:18208
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19132
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22468
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22876
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:19152
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:23340
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22128
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:22656
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:17636
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:21944
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:22704
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:6932
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:10104
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:14760
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        6⤵
        
        PID:19668
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:21968
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:10828
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:18200
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:18144
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:20028
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:13308
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:6920
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:10120
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:15036
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2028
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:21912
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:10136
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:18152
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:8664
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:6940
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:10916
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:20044
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
        5⤵
        
        PID:22680
  - - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
      "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
      4⤵
      PID:16940
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:7332
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:12964
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:22080
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  PID:4660
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:8440
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:13624
- - C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
    3⤵
    PID:5696
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  PID:6844
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  PID:10064
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  PID:15052
- C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe
  "C:\Users\Admin\AppData\Local\Temp\91ba5d921ec4bc4bedd386d548b2aee0N.exe"
  2⤵
  PID:23332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\fetish several models .mpg.exe

Filesize
169KB

MD5
2bb534f5de901934a6b3e317f3e9215d

SHA1
972fa73a1afb81604d263ddf9b7771eb59c16f91

SHA256
f27347739e4b6d8c2252789e436c6eaa746b478c779e404b5366713f803c2926

SHA512
a214f0d956a5b04ba021e4656d4c7aa48e5a59ea7f58a5b788cd07fb3b8c6b21a7282b2001e1b4850dd74676be5ce73917d2853e2b02ac64c6c3dda804607554

Download Submit
C:\debug.txt

Filesize
183B

MD5
b89d4e78aaa6383e27a331eab46be828

SHA1
1329a8c83739c45f43867bebffd4bbf64bc6376d

SHA256
794700d74c9e10b1471ed5409bb5c03116ed821c8464b80b18088986c077a0c3

SHA512
1ff3d8ada46b579ed4e7e32d5d831df7ec6a6c2dded09d83e7081d370ca7847d469edeca90e0c745869963d44150c05146d5b75b5b376f9ef44201fbada40971

Download Submit
memory/296-128-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/600-141-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/600-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/752-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/752-132-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/752-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/760-142-0x0000000001DF0000-0x0000000001E1B000-memory.dmp

Filesize
172KB

Download
memory/764-144-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/868-111-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/868-149-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/868-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/932-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/932-122-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/996-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/996-114-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/1120-127-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1120-174-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1352-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1352-155-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1532-180-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1532-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1532-98-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1532-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1532-118-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1628-160-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1628-105-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1628-112-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1628-178-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1628-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1628-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1668-143-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/1672-133-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1672-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1672-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1676-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1676-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1700-153-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1700-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1860-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1940-151-0x0000000004BA0000-0x0000000004BCB000-memory.dmp

Filesize
172KB

Download
memory/1940-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2016-139-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download
memory/2016-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2016-109-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download
memory/2016-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2028-145-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download
memory/2064-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2084-159-0x0000000005450000-0x000000000547B000-memory.dmp

Filesize
172KB

Download
memory/2084-138-0x0000000005640000-0x000000000566B000-memory.dmp

Filesize
172KB

Download
memory/2084-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2084-66-0x0000000005450000-0x000000000547B000-memory.dmp

Filesize
172KB

Download
memory/2084-108-0x0000000005450000-0x000000000547B000-memory.dmp

Filesize
172KB

Download
memory/2084-156-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2176-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2208-131-0x00000000044E0000-0x000000000450B000-memory.dmp

Filesize
172KB

Download
memory/2208-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2208-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2212-93-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/2212-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2212-162-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/2212-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2252-137-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/2252-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2268-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2360-146-0x00000000045D0000-0x00000000045FB000-memory.dmp

Filesize
172KB

Download
memory/2388-147-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2500-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2520-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2576-117-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2576-166-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2576-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2760-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2796-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2856-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2856-130-0x0000000004620000-0x000000000464B000-memory.dmp

Filesize
172KB

Download
memory/2868-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2888-157-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/2888-136-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2888-90-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/2888-67-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2940-110-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/2940-140-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/2940-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2940-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3000-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3000-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3000-161-0x0000000004460000-0x000000000448B000-memory.dmp

Filesize
172KB

Download
memory/3000-116-0x0000000004460000-0x000000000448B000-memory.dmp

Filesize
172KB

Download
memory/3056-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3056-172-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/3056-125-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/3056-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3500-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3532-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3564-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3608-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download