af0c2b69a97f6558e07e8d8d0382dad3b6719998a6456c9d1cb5e94c873b6f5e

Analysis

max time kernel
32s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0ee0cc358cc1950138fd3c152fb00b0N.exe
Size

1.7MB
MD5

f0ee0cc358cc1950138fd3c152fb00b0
SHA1

8f8b9b8fd6ede9fdf5cc815988033b798f25db84
SHA256

af0c2b69a97f6558e07e8d8d0382dad3b6719998a6456c9d1cb5e94c873b6f5e
SHA512

6eeb6d1ea6cd20524cf0faa33b947777f7570503bcc8fd87d98866eeb9df65af9451dd5870280fa8ab2ae4be82698095ad91e5539032263c31eff99f63868288
SSDEEP

49152:5ouZBfKohqt6+1S4SF+SB6wTbaogNghkycMwph4Vi:dhzx1fkwnoNghh0pqi

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	f0ee0cc358cc1950138fd3c152fb00b0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\M:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\N:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\Q:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\X:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\J:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\O:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\R:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\W:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\U:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\V:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\Y:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\E:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\G:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\K:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\P:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\T:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\Z:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\A:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\B:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\I:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\L:	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File opened (read-only)	\??\S:	f0ee0cc358cc1950138fd3c152fb00b0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie uncut hole bedroom .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\british trambling sleeping .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake licking feet \× .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish hardcore girls redhair .rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fucking voyeur feet (Anniston,Curtney).zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese animal bukkake hidden (Samantha).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish handjob sperm lesbian (Liz).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian action bukkake hot (!) titts black hairunshaved .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian action xxx big .rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\SysWOW64\IME\shared\indian porn lingerie public feet .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\lesbian catfight fishy .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\sperm [milf] titts sweet .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\danish porn beast several models femdom .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian handjob xxx licking cock .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american fetish fucking public wifey .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\horse licking .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files\Windows Journal\Templates\lingerie [free] 40+ .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian beastiality bukkake big .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish porn hardcore several models titts shoes (Karin).mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files\DVD Maker\Shared\horse public .rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\trambling full movie .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\lesbian lesbian feet pregnant .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lesbian lesbian fishy .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\blowjob public glans pregnant .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\xxx hidden .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Downloaded Program Files\black horse fucking sleeping hole fishy .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\gay sleeping hole .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\action trambling hot (!) (Karin).avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\french lingerie hot (!) titts wifey .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\kicking lesbian lesbian penetration .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\indian kicking lesbian hot (!) feet penetration .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling [bangbus] tÛ .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\chinese trambling voyeur titts swallow .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\american animal xxx uncut (Jade).zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\action xxx several models hole .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\brasilian gang bang sperm full movie feet (Sonja,Karin).mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\british blowjob big ash .rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\beastiality trambling uncut wifey .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\sperm [bangbus] glans .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\italian fetish gay [free] hole shoes (Jade).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\japanese beastiality beast girls swallow .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\SoftwareDistribution\Download\japanese kicking horse [bangbus] beautyfull .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\british fucking lesbian glans wifey .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\chinese xxx full movie cock gorgeoushorny .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\assembly\temp\indian kicking hardcore girls swallow .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\bukkake hidden leather .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\chinese hardcore lesbian upskirt (Sonja,Liz).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\animal blowjob catfight feet swallow .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\chinese horse lesbian hole latex (Karin).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\action beast girls bondage .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish horse bukkake sleeping feet upskirt .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese horse lingerie [free] mature .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\danish cumshot trambling licking feet 50+ (Samantha).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\cumshot sperm masturbation femdom .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\Temp\xxx girls (Jade).rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\sperm public .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\cumshot blowjob licking (Karin).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\japanese kicking sperm full movie (Melissa).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake girls titts upskirt .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\french beast [free] pregnant .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\animal horse uncut glans .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\nude sperm licking glans .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\beastiality lesbian girls upskirt (Christine,Jade).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\italian kicking hardcore public ash .mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\lingerie [milf] (Curtney).mpeg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\cumshot bukkake several models circumcision (Sonja,Liz).avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\horse hot (!) (Jade).mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\nude gay public .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese cumshot beast big bedroom .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\trambling big glans .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\spanish bukkake [milf] latex .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\french lesbian full movie beautyfull .rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\indian animal xxx big hotel .rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american nude lingerie hidden (Melissa).avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx public feet hotel .rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\swedish animal trambling hidden shower (Sandy,Curtney).rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\InstallTemp\beast [milf] (Sarah).avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\african xxx [free] (Samantha).mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\black horse blowjob hot (!) hole ejaculation .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\beast public cock .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\lesbian licking (Jade).zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\malaysia horse licking glans .rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\horse [free] titts swallow .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\italian action beast uncut penetration (Gina,Sarah).rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\gang bang beast lesbian feet .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\lingerie full movie .zip.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\swedish cum horse voyeur hole .mpg.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\indian fetish xxx big feet .rar.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian action blowjob voyeur boots .avi.exe	f0ee0cc358cc1950138fd3c152fb00b0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0ee0cc358cc1950138fd3c152fb00b0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe
772	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe
772	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1852	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2060	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1028	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe
772	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1232	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1260	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2444	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2672	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2860	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1852	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1800	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2060	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1764	f0ee0cc358cc1950138fd3c152fb00b0N.exe
636	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1028	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe
772	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2144	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1232	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2072	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2076	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1260	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1916	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2444	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1852	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2364	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2364	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2148	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2148	f0ee0cc358cc1950138fd3c152fb00b0N.exe
444	f0ee0cc358cc1950138fd3c152fb00b0N.exe
444	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2060	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2060	f0ee0cc358cc1950138fd3c152fb00b0N.exe
708	f0ee0cc358cc1950138fd3c152fb00b0N.exe
708	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1940	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1940	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2672	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2672	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1628	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1628	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2860	f0ee0cc358cc1950138fd3c152fb00b0N.exe
2860	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1392	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1392	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1000	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1000	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1440	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1440	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1440	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1800	f0ee0cc358cc1950138fd3c152fb00b0N.exe
1800	f0ee0cc358cc1950138fd3c152fb00b0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 772	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	30
PID 1944 wrote to memory of 772	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	30
PID 1944 wrote to memory of 772	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	30
PID 1944 wrote to memory of 772	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	30
PID 772 wrote to memory of 2644	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	31
PID 772 wrote to memory of 2644	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	31
PID 772 wrote to memory of 2644	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	31
PID 772 wrote to memory of 2644	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	31
PID 1944 wrote to memory of 2248	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	32
PID 1944 wrote to memory of 2248	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	32
PID 1944 wrote to memory of 2248	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	32
PID 1944 wrote to memory of 2248	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	32
PID 2644 wrote to memory of 1852	2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe	34
PID 2644 wrote to memory of 1852	2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe	34
PID 2644 wrote to memory of 1852	2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe	34
PID 2644 wrote to memory of 1852	2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe	34
PID 772 wrote to memory of 1028	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	35
PID 772 wrote to memory of 1028	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	35
PID 772 wrote to memory of 1028	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	35
PID 772 wrote to memory of 1028	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	35
PID 2248 wrote to memory of 2060	2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe	36
PID 2248 wrote to memory of 2060	2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe	36
PID 2248 wrote to memory of 2060	2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe	36
PID 2248 wrote to memory of 2060	2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe	36
PID 1944 wrote to memory of 1232	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	37
PID 1944 wrote to memory of 1232	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	37
PID 1944 wrote to memory of 1232	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	37
PID 1944 wrote to memory of 1232	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	37
PID 1852 wrote to memory of 1260	1852	f0ee0cc358cc1950138fd3c152fb00b0N.exe	38
PID 1852 wrote to memory of 1260	1852	f0ee0cc358cc1950138fd3c152fb00b0N.exe	38
PID 1852 wrote to memory of 1260	1852	f0ee0cc358cc1950138fd3c152fb00b0N.exe	38
PID 1852 wrote to memory of 1260	1852	f0ee0cc358cc1950138fd3c152fb00b0N.exe	38
PID 2060 wrote to memory of 2672	2060	f0ee0cc358cc1950138fd3c152fb00b0N.exe	39
PID 2060 wrote to memory of 2672	2060	f0ee0cc358cc1950138fd3c152fb00b0N.exe	39
PID 2060 wrote to memory of 2672	2060	f0ee0cc358cc1950138fd3c152fb00b0N.exe	39
PID 2060 wrote to memory of 2672	2060	f0ee0cc358cc1950138fd3c152fb00b0N.exe	39
PID 1028 wrote to memory of 2444	1028	f0ee0cc358cc1950138fd3c152fb00b0N.exe	40
PID 1028 wrote to memory of 2444	1028	f0ee0cc358cc1950138fd3c152fb00b0N.exe	40
PID 1028 wrote to memory of 2444	1028	f0ee0cc358cc1950138fd3c152fb00b0N.exe	40
PID 1028 wrote to memory of 2444	1028	f0ee0cc358cc1950138fd3c152fb00b0N.exe	40
PID 2644 wrote to memory of 2860	2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe	41
PID 2644 wrote to memory of 2860	2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe	41
PID 2644 wrote to memory of 2860	2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe	41
PID 2644 wrote to memory of 2860	2644	f0ee0cc358cc1950138fd3c152fb00b0N.exe	41
PID 772 wrote to memory of 1800	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	42
PID 772 wrote to memory of 1800	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	42
PID 772 wrote to memory of 1800	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	42
PID 772 wrote to memory of 1800	772	f0ee0cc358cc1950138fd3c152fb00b0N.exe	42
PID 2248 wrote to memory of 636	2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe	43
PID 2248 wrote to memory of 636	2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe	43
PID 2248 wrote to memory of 636	2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe	43
PID 2248 wrote to memory of 636	2248	f0ee0cc358cc1950138fd3c152fb00b0N.exe	43
PID 1232 wrote to memory of 1764	1232	f0ee0cc358cc1950138fd3c152fb00b0N.exe	44
PID 1232 wrote to memory of 1764	1232	f0ee0cc358cc1950138fd3c152fb00b0N.exe	44
PID 1232 wrote to memory of 1764	1232	f0ee0cc358cc1950138fd3c152fb00b0N.exe	44
PID 1232 wrote to memory of 1764	1232	f0ee0cc358cc1950138fd3c152fb00b0N.exe	44
PID 1944 wrote to memory of 2144	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	45
PID 1944 wrote to memory of 2144	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	45
PID 1944 wrote to memory of 2144	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	45
PID 1944 wrote to memory of 2144	1944	f0ee0cc358cc1950138fd3c152fb00b0N.exe	45
PID 1260 wrote to memory of 2072	1260	f0ee0cc358cc1950138fd3c152fb00b0N.exe	46
PID 1260 wrote to memory of 2072	1260	f0ee0cc358cc1950138fd3c152fb00b0N.exe	46
PID 1260 wrote to memory of 2072	1260	f0ee0cc358cc1950138fd3c152fb00b0N.exe	46
PID 1260 wrote to memory of 2072	1260	f0ee0cc358cc1950138fd3c152fb00b0N.exe	46

C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
"C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        10⤵
        
        PID:21908
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        9⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        9⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        9⤵
        
        PID:22484
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        9⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        9⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:18280
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        9⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:22492
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:18544
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:24660
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:21508
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:18536
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:21380
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:22148
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:22404
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:21332
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22172
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:22436
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:18528
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:24744
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:21272
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22476
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:22132
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:21404
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:21340
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:23044
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:21428
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:18552
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:24712
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:24928
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:21396
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:22316
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:21300
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22284
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18472
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:24652
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:24976
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:18464
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18488
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22540
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22932
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:18132
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:2372
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        9⤵
        
        PID:22428
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:18212
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:21248
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:22180
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:22964
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:21516
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:24968
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:21356
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:19472
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22452
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18264
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:23052
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:23076
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18228
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22996
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22412
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:23004
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:23320
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:18140
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22524
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:18220
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18576
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:24668
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22356
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18512
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22108
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22856
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:1796
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:21264
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22468
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:18496
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:24688
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22156
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:15740
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22504
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22924
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:10136
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:17172
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:6232
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:10088
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:16872
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:18560
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:24644
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        8⤵
        
        PID:21460
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:21420
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:21364
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:21292
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:21280
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:23012
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18248
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22988
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:21452
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:17016
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18480
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22140
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18124
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22396
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:21436
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22956
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22460
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:18236
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:22972
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22164
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:21524
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:18504
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:24676
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:20596
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:21316
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:15244
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22364
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22208
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22124
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22848
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:18256
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:23020
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:11508
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:18568
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:24732
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22880
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:6308
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:10032
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:17132
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1232
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        7⤵
        
        PID:22916
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:17140
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22516
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:23068
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:21412
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:784
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:21444
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:10344
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22272
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:22188
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18188
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:21372
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:3628
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:21348
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22908
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22196
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:6332
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:9748
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:13112
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:21388
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:480
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        6⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22380
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22420
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22388
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:23060
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22888
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22116
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:6652
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:11012
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:16980
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:2124
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
        5⤵
        
        PID:22532
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:18520
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:24704
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:18272
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:22980
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:6316
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:10064
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:17008
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3284
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
      4⤵
      PID:21324
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:7204
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:13204
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:21256
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  PID:4516
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:8044
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:14512
- - C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
    3⤵
    PID:22264
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  PID:6628
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  PID:11120
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  PID:15372
- C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\f0ee0cc358cc1950138fd3c152fb00b0N.exe"
  2⤵
  PID:776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\trambling full movie .mpeg.exe

Filesize
1.8MB

MD5
b6f78e3dff857a9e95d1c7a58a65ab43

SHA1
c217639d13eb670c32dd7440f6b2044c4dce64c2

SHA256
6904118b52c8c58369493497de402f3985a58b8960a4aa746a576f851289030f

SHA512
1f341ccaab2b4e9730f1fd569e042a4b64c55ea0be7c634feff57223423c2ea68bc565a2b8abce6dec8c2817fbdf76139711c010b0bfa1b2a50a7735e8c8c588

Download Submit
C:\debug.txt

Filesize
183B

MD5
602955b5a332b856e2fe260d3b099454

SHA1
78db0b0ae14751bb016d9841fd6bb6b969c03c72

SHA256
84d13491c80a55522679103d9775580366bda58e8c16d282448f7667841397fb

SHA512
0336bd14a5f135592384df0e7e65dd187607222883898f27b7800abda8924a843d76df9d65812f77f4ddfb9e79431f5ade86431f4845b3646530336d1aef16eb

Download Submit