5980441b5286f2292b435943e288ba31a91c7dcddcf84a5555b9ba63a85d2c3a

Analysis

max time kernel
18s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Size

355KB
MD5

08e6cebc542e68c4fe8e1491ec6a2a50
SHA1

dec88ca2635514e13927442727113dbe78a612c5
SHA256

5980441b5286f2292b435943e288ba31a91c7dcddcf84a5555b9ba63a85d2c3a
SHA512

23683bb592299a91b2616c7738f823737b7a1c754490b5cf32add36c464b7a0be755101762f1aeff4d2994457ac02a15e7f5eb0c6e44363342f1c137d0f6467d
SSDEEP

6144:OWY9TmR4qxs3NBB5sSbSu17H6w96rvPD2P3FCanYP8PX8k5OcN8XDtLHAwZ/zn5w:OWji9BF/76q6WP3gan0VOIdHAwZ9VEFx

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	08e6cebc542e68c4fe8e1491ec6a2a50N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\M:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\Q:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\R:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\Y:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\A:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\B:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\G:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\H:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\I:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\K:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\S:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\T:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\V:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\X:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\Z:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\N:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\P:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\E:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\L:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\O:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\U:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File opened (read-only)	\??\W:	08e6cebc542e68c4fe8e1491ec6a2a50N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\brasilian xxx kicking big young (Sonja,Sylvia).avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse bukkake girls feet pregnant .mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish beastiality lesbian (Gina).zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\SysWOW64\FxsTmp\horse masturbation feet .mpeg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish beast [milf] titts 40+ .mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\malaysia hardcore fucking masturbation traffic (Britney).avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gang bang lesbian femdom .rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\System32\DriverStore\Temp\beastiality lesbian blondie (Kathrin).mpeg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish trambling hardcore uncut gorgeoushorny .zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black cumshot lingerie [free] titts fishy .zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\american cum gay licking sm (Sonja).mpeg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Google\Temp\tyrkish lesbian xxx [bangbus] glans (Jenna).zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian porn [bangbus] nipples .mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\sperm catfight ash latex (Melissa).zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian horse gang bang [free] .mpeg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\lesbian horse several models circumcision (Jenna).mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie animal [free] beautyfull .avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish hardcore girls ash .rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\canadian beastiality lesbian (Janette,Liz).avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gay [bangbus] .rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\fucking hot (!) ejaculation .avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files\Windows Journal\Templates\trambling lesbian (Jenna,Melissa).zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\gay big (Melissa).avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian cumshot horse voyeur leather (Jade).zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese horse kicking public vagina young .mpeg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\canadian action catfight boobs .avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish nude sleeping sweet .zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\bukkake hot (!) feet (Gina,Curtney).rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\PLA\Templates\swedish cum public ash .avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse uncut nipples sm .avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\asian blowjob hidden femdom (Britney).mpeg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\tmp\beastiality horse several models wifey .mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\french cumshot licking feet redhair .mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\gang bang horse lesbian titts balls .rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gay hot (!) (Kathrin,Kathrin).mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish bukkake horse hot (!) pregnant .mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\asian trambling fetish masturbation (Curtney).avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\Downloaded Program Files\swedish fucking masturbation bedroom .zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian sperm girls ash .mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\tyrkish handjob lesbian bedroom .rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\chinese lingerie uncut upskirt .rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\swedish beast animal catfight (Sarah).zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\security\templates\brasilian horse public .rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\asian animal lesbian boobs (Samantha).rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\hardcore horse [bangbus] cock penetration .rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\fetish sperm uncut cock girly .rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\black fucking sperm hot (!) .avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\mssrv.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american animal lingerie [bangbus] boobs .avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\SoftwareDistribution\Download\action big (Sonja,Sarah).zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\asian beast handjob [bangbus] vagina shoes .avi.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\temp\xxx trambling hot (!) (Ashley,Sandy).rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\beastiality [free] vagina (Jenna,Karin).rar.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cum [bangbus] circumcision (Sonja).mpeg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian gay porn hot (!) feet femdom (Sonja,Janette).zip.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\blowjob [bangbus] 40+ (Jade).mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\japanese xxx girls beautyfull .mpg.exe	08e6cebc542e68c4fe8e1491ec6a2a50N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 43 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e6cebc542e68c4fe8e1491ec6a2a50N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2516	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2412	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2088	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2420	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
3040	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2220	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2320	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2412	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
3000	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
1280	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
888	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
1580	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2516	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2088	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2052	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2420	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2380	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2376	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2372	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2220	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2296	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
3040	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
1560	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2412	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
1820	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2368	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2368	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
1820	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
1732	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
1732	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2872	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2872	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2468	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2468	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2592	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2592	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2516	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2516	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2088	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2088	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe
2320	08e6cebc542e68c4fe8e1491ec6a2a50N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2940	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	30
PID 2432 wrote to memory of 2940	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	30
PID 2432 wrote to memory of 2940	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	30
PID 2432 wrote to memory of 2940	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	30
PID 2940 wrote to memory of 2716	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	31
PID 2940 wrote to memory of 2716	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	31
PID 2940 wrote to memory of 2716	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	31
PID 2940 wrote to memory of 2716	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	31
PID 2432 wrote to memory of 2256	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	32
PID 2432 wrote to memory of 2256	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	32
PID 2432 wrote to memory of 2256	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	32
PID 2432 wrote to memory of 2256	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	32
PID 2940 wrote to memory of 2516	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	33
PID 2940 wrote to memory of 2516	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	33
PID 2940 wrote to memory of 2516	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	33
PID 2940 wrote to memory of 2516	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	33
PID 2716 wrote to memory of 2412	2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	34
PID 2716 wrote to memory of 2412	2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	34
PID 2716 wrote to memory of 2412	2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	34
PID 2716 wrote to memory of 2412	2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	34
PID 2256 wrote to memory of 2088	2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	35
PID 2256 wrote to memory of 2088	2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	35
PID 2256 wrote to memory of 2088	2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	35
PID 2256 wrote to memory of 2088	2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	35
PID 2432 wrote to memory of 2420	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	36
PID 2432 wrote to memory of 2420	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	36
PID 2432 wrote to memory of 2420	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	36
PID 2432 wrote to memory of 2420	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	36
PID 2412 wrote to memory of 2320	2412	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	38
PID 2412 wrote to memory of 2320	2412	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	38
PID 2412 wrote to memory of 2320	2412	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	38
PID 2412 wrote to memory of 2320	2412	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	38
PID 2940 wrote to memory of 3040	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	37
PID 2940 wrote to memory of 3040	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	37
PID 2940 wrote to memory of 3040	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	37
PID 2940 wrote to memory of 3040	2940	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	37
PID 2716 wrote to memory of 2220	2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	39
PID 2716 wrote to memory of 2220	2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	39
PID 2716 wrote to memory of 2220	2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	39
PID 2716 wrote to memory of 2220	2716	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	39
PID 2256 wrote to memory of 1280	2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	40
PID 2256 wrote to memory of 1280	2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	40
PID 2256 wrote to memory of 1280	2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	40
PID 2256 wrote to memory of 1280	2256	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	40
PID 2516 wrote to memory of 3000	2516	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	41
PID 2516 wrote to memory of 3000	2516	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	41
PID 2516 wrote to memory of 3000	2516	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	41
PID 2516 wrote to memory of 3000	2516	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	41
PID 2432 wrote to memory of 888	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	42
PID 2432 wrote to memory of 888	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	42
PID 2432 wrote to memory of 888	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	42
PID 2432 wrote to memory of 888	2432	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	42
PID 2088 wrote to memory of 1580	2088	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	43
PID 2088 wrote to memory of 1580	2088	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	43
PID 2088 wrote to memory of 1580	2088	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	43
PID 2088 wrote to memory of 1580	2088	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	43
PID 2420 wrote to memory of 2052	2420	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	44
PID 2420 wrote to memory of 2052	2420	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	44
PID 2420 wrote to memory of 2052	2420	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	44
PID 2420 wrote to memory of 2052	2420	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	44
PID 2220 wrote to memory of 2380	2220	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	46
PID 2220 wrote to memory of 2380	2220	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	46
PID 2220 wrote to memory of 2380	2220	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	46
PID 2220 wrote to memory of 2380	2220	08e6cebc542e68c4fe8e1491ec6a2a50N.exe	46

C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
"C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        8⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        8⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:13612
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:13324
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:11208
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:9700
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:13460
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13484
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:11460
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:12944
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:13476
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:4704
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:7684
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:11484
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        7⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:13060
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:12904
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:6172
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:12884
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:15252
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3212
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:5516
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:9692
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:9756
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        6⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:11096
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:9732
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:13564
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:5712
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:7868
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:888
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:8052
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:9912
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:9772
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:4280
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:6396
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:11416
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
        5⤵
        
        PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:13596
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
      "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
      4⤵
      PID:13336
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:7860
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:14236
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:4472
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:6540
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:9848
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  PID:3892
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:8712
- - C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
    3⤵
    PID:13892
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  PID:5424
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  PID:9992
- C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe
  "C:\Users\Admin\AppData\Local\Temp\08e6cebc542e68c4fe8e1491ec6a2a50N.exe"
  2⤵
  PID:13652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish hardcore girls ash .rar.exe

Filesize
885KB

MD5
edf532c89800369dc4a2c48f76af2780

SHA1
a33face39f09ec42a4d652376d70c20477ac2cf8

SHA256
0ae64d6a99a7ba27a03816f7206752914dbf0da0ae51a33a294f827a6d64828d

SHA512
880ada384facc15a488b48b357d6392b245209cf123441fa56a891d4672867f024a4dbe5fee29392ed8d59275cb27892daf1f696055e4a2d0f2337bb50c485d3

Download Submit