1da8494d437b15d07f86ee46c95bfa33d21ca18bf23b373d9d2de993ef21dec0

Analysis

max time kernel
25s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 08:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f478c87e0e7b17adc34d0414ccbc0a90N.exe
Size

1015KB
MD5

f478c87e0e7b17adc34d0414ccbc0a90
SHA1

fec6b33d593314816695fc127fabff0d060ad3a9
SHA256

1da8494d437b15d07f86ee46c95bfa33d21ca18bf23b373d9d2de993ef21dec0
SHA512

29aedf98a6cfe551c96972d793308c668c1a6f47c6ef8c93624dc91bcecc47bd87855ad153140182fe2e139df7d08a4da12cb8ca32944405f61f464b09130f90
SSDEEP

24576:oWNW/dz8uBxoF7GR2wgKsiPnA4Kw+qYIkaGIhMSjY:VN2z8ucpGgecpw+TIjY

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	f478c87e0e7b17adc34d0414ccbc0a90N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\A:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\E:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\I:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\P:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\V:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\Y:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\M:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\N:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\S:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\T:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\U:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\Z:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\B:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\H:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\K:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\L:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\R:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\X:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\G:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\J:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\O:	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File opened (read-only)	\??\Q:	f478c87e0e7b17adc34d0414ccbc0a90N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\hardcore action several models .rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french kicking animal [milf] .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\SysWOW64\IME\shared\fetish full movie fishy (Britney).mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\asian blowjob handjob sleeping .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\french trambling horse voyeur .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black cumshot fucking public titts upskirt (Kathrin,Janette).avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm [milf] girly .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia bukkake xxx voyeur glans blondie (Melissa,Sonja).zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian bukkake licking cock (Samantha).avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\SysWOW64\IME\shared\french bukkake masturbation shower .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\beast masturbation cock (Tatjana).rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\horse sleeping 50+ .rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese bukkake handjob voyeur boobs .rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cum sleeping .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian kicking lesbian (Sonja,Sonja).mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\porn catfight black hairunshaved .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Google\Temp\swedish horse [free] nipples hotel .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american lingerie beastiality voyeur ejaculation .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black cumshot sleeping fishy .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese fucking sperm hidden swallow .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cumshot masturbation femdom (Liz).avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\gay [milf] YEâPSè& .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files\DVD Maker\Shared\hardcore masturbation shoes (Gina,Sandy).mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files\Windows Journal\Templates\swedish lesbian big legs .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\canadian cum beastiality public titts (Samantha).zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\action gang bang masturbation .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\german trambling cumshot [milf] sweet .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\cumshot big nipples girly .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\canadian gang bang [milf] redhair .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\norwegian fucking sleeping leather (Janette,Liz).mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\blowjob masturbation cock boots .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\horse full movie glans shoes (Sylvia,Samantha).mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\cum handjob uncut nipples .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\canadian cumshot bukkake voyeur blondie .rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\american kicking full movie ash .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\japanese kicking full movie .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\cumshot beastiality public .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\american cum kicking masturbation titts penetration .rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\asian handjob animal hot (!) nipples .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\porn hidden feet .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\nude several models .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\indian sperm voyeur .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\blowjob [bangbus] leather (Samantha).avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\gay porn [bangbus] .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\action blowjob sleeping titts .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\black gang bang catfight upskirt (Kathrin).mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\porn lesbian uncut mature (Melissa).mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\assembly\temp\tyrkish cumshot lesbian granny .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\italian hardcore horse [bangbus] black hairunshaved (Britney,Tatjana).mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\american horse sperm several models .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\asian beastiality public shoes .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\american beast licking 40+ .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\asian porn hidden .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\kicking masturbation ¼ç .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\horse hot (!) cock .rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\nude hidden vagina sm .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\tyrkish fetish handjob voyeur titts (Karin).mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\swedish bukkake xxx big .rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\spanish gang bang lesbian catfight circumcision .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\german horse fetish [milf] vagina latex .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\sperm xxx lesbian nipples beautyfull .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\InstallTemp\lesbian voyeur .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\horse [bangbus] latex (Sonja,Gina).rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\bukkake hot (!) .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\SoftwareDistribution\Download\spanish horse porn uncut vagina high heels .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\assembly\tmp\canadian gang bang nude masturbation feet (Sonja,Jade).mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\japanese action action big glans mistress .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\hardcore [free] .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\blowjob hidden .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\cumshot voyeur shoes (Jade,Sonja).zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\italian fucking [milf] glans fishy .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\japanese cumshot gay girls nipples YEâPSè& (Kathrin).mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\african horse catfight ash .mpg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\kicking animal hot (!) titts bondage .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\african blowjob uncut swallow .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\nude xxx masturbation vagina (Liz).avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\japanese action hardcore hidden mature .avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\lesbian blowjob [free] .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\fucking xxx girls feet gorgeoushorny .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\norwegian nude lingerie masturbation shower .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\bukkake big cock sweet .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\fetish animal big (Sonja).avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\gang bang licking ash (Ashley,Sandy).mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\swedish horse several models .mpeg.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\malaysia xxx blowjob full movie .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\chinese cumshot [bangbus] titts high heels .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\cumshot hidden (Sylvia,Janette).rar.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\PLA\Templates\spanish horse nude several models titts (Kathrin).avi.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\african fetish lesbian [free] .zip.exe	f478c87e0e7b17adc34d0414ccbc0a90N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f478c87e0e7b17adc34d0414ccbc0a90N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe
352	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1236	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1056	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2004	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1228	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2872	f478c87e0e7b17adc34d0414ccbc0a90N.exe
352	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2860	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2972	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1236	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1800	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2008	f478c87e0e7b17adc34d0414ccbc0a90N.exe
636	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2196	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2004	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1056	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2096	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2348	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1228	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2308	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2024	f478c87e0e7b17adc34d0414ccbc0a90N.exe
3028	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2872	f478c87e0e7b17adc34d0414ccbc0a90N.exe
352	f478c87e0e7b17adc34d0414ccbc0a90N.exe
352	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2860	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2860	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1236	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1236	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1036	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1036	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2556	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2556	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1440	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1440	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2464	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2464	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2972	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2972	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1800	f478c87e0e7b17adc34d0414ccbc0a90N.exe
1800	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2008	f478c87e0e7b17adc34d0414ccbc0a90N.exe
2008	f478c87e0e7b17adc34d0414ccbc0a90N.exe
596	f478c87e0e7b17adc34d0414ccbc0a90N.exe
596	f478c87e0e7b17adc34d0414ccbc0a90N.exe
596	f478c87e0e7b17adc34d0414ccbc0a90N.exe
636	f478c87e0e7b17adc34d0414ccbc0a90N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2208	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	30
PID 1976 wrote to memory of 2208	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	30
PID 1976 wrote to memory of 2208	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	30
PID 1976 wrote to memory of 2208	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	30
PID 2208 wrote to memory of 2692	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	31
PID 2208 wrote to memory of 2692	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	31
PID 2208 wrote to memory of 2692	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	31
PID 2208 wrote to memory of 2692	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	31
PID 1976 wrote to memory of 2664	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	32
PID 1976 wrote to memory of 2664	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	32
PID 1976 wrote to memory of 2664	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	32
PID 1976 wrote to memory of 2664	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	32
PID 2692 wrote to memory of 352	2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe	34
PID 2692 wrote to memory of 352	2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe	34
PID 2692 wrote to memory of 352	2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe	34
PID 2692 wrote to memory of 352	2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe	34
PID 2664 wrote to memory of 1056	2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe	35
PID 2664 wrote to memory of 1056	2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe	35
PID 2664 wrote to memory of 1056	2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe	35
PID 2664 wrote to memory of 1056	2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe	35
PID 2208 wrote to memory of 1236	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	36
PID 2208 wrote to memory of 1236	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	36
PID 2208 wrote to memory of 1236	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	36
PID 2208 wrote to memory of 1236	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	36
PID 1976 wrote to memory of 2004	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	37
PID 1976 wrote to memory of 2004	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	37
PID 1976 wrote to memory of 2004	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	37
PID 1976 wrote to memory of 2004	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	37
PID 352 wrote to memory of 1228	352	f478c87e0e7b17adc34d0414ccbc0a90N.exe	38
PID 352 wrote to memory of 1228	352	f478c87e0e7b17adc34d0414ccbc0a90N.exe	38
PID 352 wrote to memory of 1228	352	f478c87e0e7b17adc34d0414ccbc0a90N.exe	38
PID 352 wrote to memory of 1228	352	f478c87e0e7b17adc34d0414ccbc0a90N.exe	38
PID 1236 wrote to memory of 2872	1236	f478c87e0e7b17adc34d0414ccbc0a90N.exe	39
PID 1236 wrote to memory of 2872	1236	f478c87e0e7b17adc34d0414ccbc0a90N.exe	39
PID 1236 wrote to memory of 2872	1236	f478c87e0e7b17adc34d0414ccbc0a90N.exe	39
PID 1236 wrote to memory of 2872	1236	f478c87e0e7b17adc34d0414ccbc0a90N.exe	39
PID 2692 wrote to memory of 2860	2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe	40
PID 2692 wrote to memory of 2860	2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe	40
PID 2692 wrote to memory of 2860	2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe	40
PID 2692 wrote to memory of 2860	2692	f478c87e0e7b17adc34d0414ccbc0a90N.exe	40
PID 2004 wrote to memory of 2972	2004	f478c87e0e7b17adc34d0414ccbc0a90N.exe	42
PID 2004 wrote to memory of 2972	2004	f478c87e0e7b17adc34d0414ccbc0a90N.exe	42
PID 2004 wrote to memory of 2972	2004	f478c87e0e7b17adc34d0414ccbc0a90N.exe	42
PID 2004 wrote to memory of 2972	2004	f478c87e0e7b17adc34d0414ccbc0a90N.exe	42
PID 2664 wrote to memory of 2008	2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe	41
PID 2664 wrote to memory of 2008	2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe	41
PID 2664 wrote to memory of 2008	2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe	41
PID 2664 wrote to memory of 2008	2664	f478c87e0e7b17adc34d0414ccbc0a90N.exe	41
PID 1056 wrote to memory of 1800	1056	f478c87e0e7b17adc34d0414ccbc0a90N.exe	43
PID 1056 wrote to memory of 1800	1056	f478c87e0e7b17adc34d0414ccbc0a90N.exe	43
PID 1056 wrote to memory of 1800	1056	f478c87e0e7b17adc34d0414ccbc0a90N.exe	43
PID 1056 wrote to memory of 1800	1056	f478c87e0e7b17adc34d0414ccbc0a90N.exe	43
PID 2208 wrote to memory of 636	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	44
PID 2208 wrote to memory of 636	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	44
PID 2208 wrote to memory of 636	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	44
PID 2208 wrote to memory of 636	2208	f478c87e0e7b17adc34d0414ccbc0a90N.exe	44
PID 1976 wrote to memory of 2196	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	45
PID 1976 wrote to memory of 2196	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	45
PID 1976 wrote to memory of 2196	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	45
PID 1976 wrote to memory of 2196	1976	f478c87e0e7b17adc34d0414ccbc0a90N.exe	45
PID 1228 wrote to memory of 2096	1228	f478c87e0e7b17adc34d0414ccbc0a90N.exe	46
PID 1228 wrote to memory of 2096	1228	f478c87e0e7b17adc34d0414ccbc0a90N.exe	46
PID 1228 wrote to memory of 2096	1228	f478c87e0e7b17adc34d0414ccbc0a90N.exe	46
PID 1228 wrote to memory of 2096	1228	f478c87e0e7b17adc34d0414ccbc0a90N.exe	46

C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
"C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:352
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        10⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        10⤵
        
        PID:23736
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        10⤵
        
        PID:21576
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:23760
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        10⤵
        
        PID:22872
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:21808
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:22464
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22256
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        10⤵
        
        PID:21912
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23696
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:21736
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23228
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:22896
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23584
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22008
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23212
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23844
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22016
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22664
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21592
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:23204
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23052
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:21632
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23712
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22512
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22280
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22648
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23100
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22048
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23068
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23976
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23852
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23252
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22376
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22176
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22192
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23260
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21760
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22688
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:19136
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23704
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:22384
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:21784
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23220
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22712
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22840
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22096
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22408
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22760
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22112
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23148
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22360
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23036
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22328
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22312
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21688
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:13788
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:700
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21640
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21560
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22584
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23304
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22720
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23116
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23236
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:20960
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21616
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22160
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22072
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23012
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:23600
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:22088
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23156
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22296
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:21768
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23180
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22680
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23288
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23688
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21608
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:23880
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22272
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22432
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22040
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22640
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21824
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21792
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21800
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22200
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:21928
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21728
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21648
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23668
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23140
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23196
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21840
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23608
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22624
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21720
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23268
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22696
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21832
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21848
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22416
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22144
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22728
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:23004
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22152
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21960
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22576
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22320
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23680
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22544
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23792
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21696
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23076
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21984
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21864
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21888
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:15124
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:596
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22552
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23108
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21664
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22248
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21600
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23660
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22504
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22336
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:23028
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21920
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:21624
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21992
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:11544
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22120
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:23800
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22456
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:15140
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        9⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22848
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22344
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22632
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22752
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23084
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21952
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21856
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23776
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23164
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22224
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22808
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23784
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21968
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22592
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21656
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22488
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22064
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22944
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22056
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22424
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22368
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22400
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22736
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23044
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22136
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23728
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:10536
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:21524
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22656
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22208
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22776
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:24244
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23616
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:23276
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23592
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21552
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:24236
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22608
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23132
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23628
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22184
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23752
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22240
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:776
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21392
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22864
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22352
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:17932
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23768
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23720
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22496
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22800
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21568
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22888
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21904
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23244
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:17180
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21744
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:21880
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:19128
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22480
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:11844
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:3556
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        8⤵
        
        PID:22288
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22232
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21936
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:21680
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23544
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22104
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22672
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22768
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22440
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22168
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21976
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22904
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22912
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21704
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23744
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22560
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:23092
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22472
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:23124
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22128
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22264
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23188
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:23296
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21872
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22000
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22704
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:24036
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:13900
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22024
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:20176
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:11072
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:22216
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:900
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        7⤵
        
        PID:22520
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21896
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:22784
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:21816
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        6⤵
        
        PID:21672
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22568
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23652
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22032
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23020
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22744
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22080
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:23868
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:13916
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22792
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22616
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:11108
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:23576
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:23060
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22304
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:21584
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:23808
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:9960
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:21776
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3496
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
        5⤵
        
        PID:22600
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:22392
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:7516
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:12928
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:23172
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4548
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
      "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
      4⤵
      PID:23860
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:13520
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:21712
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  PID:6436
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:14316
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:24252
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  PID:8652
- - C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
    3⤵
    PID:22448
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  PID:14708
- C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe
  "C:\Users\Admin\AppData\Local\Temp\f478c87e0e7b17adc34d0414ccbc0a90N.exe"
  2⤵
  PID:21752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\canadian cum beastiality public titts (Samantha).zip.exe

Filesize
1.4MB

MD5
cf5baff6506c6703bb17cf068d93549e

SHA1
276a62b720a0cd3d80e4a393f6101e8595e127c5

SHA256
d33dee9e4ec20966cf9acf442727da06e0c06d71721e2ee580dcfd92569c230b

SHA512
1c7fc683775833da684f0ddd91a0cff8f40425470ddda2f7ffdee4930f1e21f4960ba3efe5e153b79263f2dafb59192c3a657474ec6015f0f29b1bf86f81c25a

Download Submit
C:\debug.txt

Filesize
183B

MD5
3c587de1775b599878c7048a05659663

SHA1
f6e507a547aade2c9916175f7a2c8e2eebf85d50

SHA256
78fa6f55eb3860fc7078498c042c66045385f107e2cb9f49cdbe3a4350d77882

SHA512
a47937262ae8b311f49a4ff3a076f8f7b1508902a8da069e51b7e056378a7ef9841da3e0b067635b2c235c49da56a64747262caff683a5cf9d6552fbd48eac37

Download Submit
memory/352-92-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/352-102-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/352-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/352-173-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/636-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/636-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/772-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1036-125-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1056-111-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1056-144-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1056-156-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1056-88-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1144-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1228-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1228-100-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/1236-176-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1236-89-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1236-121-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1236-160-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1260-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1384-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1440-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1604-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1800-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1800-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1976-158-0x0000000004FD0000-0x0000000004FFB000-memory.dmp

Filesize
172KB

Download
memory/1976-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1976-161-0x0000000004D10000-0x0000000004D3B000-memory.dmp

Filesize
172KB

Download
memory/1976-115-0x0000000004D10000-0x0000000004D3B000-memory.dmp

Filesize
172KB

Download
memory/1976-87-0x0000000004D10000-0x0000000004D3B000-memory.dmp

Filesize
172KB

Download
memory/1976-127-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2004-114-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2004-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2004-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2008-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2008-132-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/2008-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2024-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2024-191-0x0000000004540000-0x000000000456B000-memory.dmp

Filesize
172KB

Download
memory/2092-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2096-119-0x0000000001EA0000-0x0000000001ECB000-memory.dmp

Filesize
172KB

Download
memory/2096-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2128-137-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2136-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2136-171-0x0000000004BA0000-0x0000000004BCB000-memory.dmp

Filesize
172KB

Download
memory/2196-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2196-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2196-116-0x0000000004560000-0x000000000458B000-memory.dmp

Filesize
172KB

Download
memory/2208-140-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2208-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2208-110-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2308-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2348-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2348-190-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2452-151-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2464-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2540-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2556-126-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/2576-145-0x0000000001E60000-0x0000000001E8B000-memory.dmp

Filesize
172KB

Download
memory/2652-133-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2664-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2664-123-0x00000000050C0000-0x00000000050EB000-memory.dmp

Filesize
172KB

Download
memory/2692-113-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/2692-139-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2788-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2800-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2828-122-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2840-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2860-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2860-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2872-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2872-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2972-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2972-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2972-124-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/3028-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3128-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3140-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3188-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3236-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3244-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3272-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3280-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3368-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3412-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3472-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3504-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3664-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3708-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3748-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3792-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3800-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3824-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3832-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3864-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3948-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download