6d2f2ef4a20f0454f36294d85140e3638493b5f4216f870fdc2961fecb1eb0c4

Analysis

max time kernel
35s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 16:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

67a1ef932123b75f030a17a60f68ffa0N.exe
Size

2.0MB
MD5

67a1ef932123b75f030a17a60f68ffa0
SHA1

caee92091462adefca23b85e46808318598144bb
SHA256

6d2f2ef4a20f0454f36294d85140e3638493b5f4216f870fdc2961fecb1eb0c4
SHA512

e9253bd9335ad7ce8b737dd474b91014f83b2944c878391bb05ab6f7b4f2414f7abec7f699db7e98a977f57be116d88f88dbb70eb62bbff76907ddc8fa6bcedb
SSDEEP

49152:hVVwcv4pXWbIgcU/P11jqXbnA3taLy/LG/sw2WWyI9puRqQo:1tRIgcU/t1jqrnA3suLaWy5Y

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	67a1ef932123b75f030a17a60f68ffa0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\K:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\S:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\V:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\Y:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\I:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\T:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\U:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\W:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\X:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\Z:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\R:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\E:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\H:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\L:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\P:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\Q:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\B:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\G:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\M:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\N:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\O:	67a1ef932123b75f030a17a60f68ffa0N.exe
File opened (read-only)	\??\A:	67a1ef932123b75f030a17a60f68ffa0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish nude fucking masturbation feet Ôë .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish fetish sperm [bangbus] redhair .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian public (Karin).mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\african xxx full movie (Jade).zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\System32\DriverStore\Temp\blowjob licking cock shoes .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french blowjob big glans hotel (Liz).mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\SysWOW64\IME\shared\lesbian hot (!) sm .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian handjob beast masturbation .zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american fetish gay lesbian (Karin).mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\SysWOW64\IME\shared\lesbian big black hairunshaved .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse sleeping .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian horse lesbian uncut high heels .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish animal bukkake voyeur .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Google\Temp\tyrkish fetish gay uncut glans high heels (Jade).zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black porn trambling full movie .mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\sperm full movie glans young .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian porn blowjob lesbian feet (Sandy,Curtney).mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\swedish nude hardcore full movie titts mature .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\japanese horse lesbian masturbation .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files\DVD Maker\Shared\american cum hardcore hidden glans stockings .mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files\Windows Journal\Templates\lingerie hot (!) stockings (Sonja,Curtney).mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese animal lesbian [bangbus] castration (Sandy,Karin).mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish horse lingerie [milf] cock .zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gay lesbian glans (Ashley,Karin).mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\bukkake lesbian .mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Downloaded Program Files\black cum beast hot (!) .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian kicking sperm uncut sm .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\russian kicking trambling catfight .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\black porn hardcore several models young .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\asian beast [free] ejaculation .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\japanese beastiality hardcore [milf] .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\kicking hardcore [bangbus] .mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish porn lingerie several models cock latex .zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\horse licking black hairunshaved .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\indian beastiality horse big .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\horse gay [milf] cock .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\swedish kicking hardcore girls titts stockings .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\african hardcore big ìï (Sandy,Curtney).mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\malaysia fucking voyeur cock shoes .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\animal beast uncut lady (Ashley,Tatjana).zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\horse sleeping (Sylvia).zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\xxx public .mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\chinese trambling [free] balls .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\canadian gay public .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\sperm public young .zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\black cum horse [free] hole leather .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\bukkake [milf] balls .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\brasilian kicking hardcore masturbation castration .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\horse trambling [bangbus] YEâPSè& .mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\fetish trambling several models (Sarah).zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\african gay masturbation feet balls .mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\british lingerie lesbian (Sylvia).avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\PLA\Templates\danish kicking fucking hidden bondage .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\fetish fucking several models (Melissa).mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\cumshot horse hot (!) glans 50+ .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\danish action trambling big (Samantha).mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\asian gay masturbation .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\indian fetish trambling hidden .mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\xxx hot (!) (Tatjana).mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\sperm voyeur femdom .zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\action xxx catfight hole .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\cumshot trambling sleeping feet .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\xxx masturbation hole .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\action sperm masturbation glans 40+ (Samantha).avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\cumshot gay voyeur glans .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\japanese fetish lingerie hidden .zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\british xxx girls feet shower .mpeg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\swedish cum hardcore catfight feet pregnant .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\beast voyeur hole mistress .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\InstallTemp\norwegian lesbian hot (!) titts latex (Melissa).zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\german gay [free] .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\animal sperm full movie (Melissa).avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\chinese xxx several models cock hairy (Tatjana).rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian kicking trambling full movie redhair .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\danish nude blowjob sleeping glans blondie .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\british beast several models hole shower (Sarah).rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\gay licking hole .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\danish cumshot horse licking feet leather (Karin).mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\japanese action blowjob [bangbus] glans ejaculation .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\handjob beast licking YEâPSè& .zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\porn xxx licking feet .avi.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse big cock .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\tyrkish gang bang beast [free] glans .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\canadian bukkake hot (!) .rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\canadian blowjob hot (!) .zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\italian nude beast hot (!) (Samantha).rar.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian cumshot hardcore sleeping feet (Sandy,Tatjana).zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\german xxx full movie (Jade).zip.exe	67a1ef932123b75f030a17a60f68ffa0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\french beast uncut .mpg.exe	67a1ef932123b75f030a17a60f68ffa0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67a1ef932123b75f030a17a60f68ffa0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1544	67a1ef932123b75f030a17a60f68ffa0N.exe
1780	67a1ef932123b75f030a17a60f68ffa0N.exe
1544	67a1ef932123b75f030a17a60f68ffa0N.exe
2920	67a1ef932123b75f030a17a60f68ffa0N.exe
2196	67a1ef932123b75f030a17a60f68ffa0N.exe
1780	67a1ef932123b75f030a17a60f68ffa0N.exe
1544	67a1ef932123b75f030a17a60f68ffa0N.exe
2028	67a1ef932123b75f030a17a60f68ffa0N.exe
2068	67a1ef932123b75f030a17a60f68ffa0N.exe
1316	67a1ef932123b75f030a17a60f68ffa0N.exe
2920	67a1ef932123b75f030a17a60f68ffa0N.exe
2196	67a1ef932123b75f030a17a60f68ffa0N.exe
2736	67a1ef932123b75f030a17a60f68ffa0N.exe
1780	67a1ef932123b75f030a17a60f68ffa0N.exe
1544	67a1ef932123b75f030a17a60f68ffa0N.exe
1832	67a1ef932123b75f030a17a60f68ffa0N.exe
2132	67a1ef932123b75f030a17a60f68ffa0N.exe
2860	67a1ef932123b75f030a17a60f68ffa0N.exe
1968	67a1ef932123b75f030a17a60f68ffa0N.exe
2028	67a1ef932123b75f030a17a60f68ffa0N.exe
1964	67a1ef932123b75f030a17a60f68ffa0N.exe
2920	67a1ef932123b75f030a17a60f68ffa0N.exe
1316	67a1ef932123b75f030a17a60f68ffa0N.exe
2528	67a1ef932123b75f030a17a60f68ffa0N.exe
1616	67a1ef932123b75f030a17a60f68ffa0N.exe
2068	67a1ef932123b75f030a17a60f68ffa0N.exe
2196	67a1ef932123b75f030a17a60f68ffa0N.exe
1780	67a1ef932123b75f030a17a60f68ffa0N.exe
2980	67a1ef932123b75f030a17a60f68ffa0N.exe
1544	67a1ef932123b75f030a17a60f68ffa0N.exe
2736	67a1ef932123b75f030a17a60f68ffa0N.exe
2172	67a1ef932123b75f030a17a60f68ffa0N.exe
2784	67a1ef932123b75f030a17a60f68ffa0N.exe
1828	67a1ef932123b75f030a17a60f68ffa0N.exe
1832	67a1ef932123b75f030a17a60f68ffa0N.exe
2188	67a1ef932123b75f030a17a60f68ffa0N.exe
2132	67a1ef932123b75f030a17a60f68ffa0N.exe
2860	67a1ef932123b75f030a17a60f68ffa0N.exe
2380	67a1ef932123b75f030a17a60f68ffa0N.exe
2216	67a1ef932123b75f030a17a60f68ffa0N.exe
1356	67a1ef932123b75f030a17a60f68ffa0N.exe
2196	67a1ef932123b75f030a17a60f68ffa0N.exe
2196	67a1ef932123b75f030a17a60f68ffa0N.exe
2028	67a1ef932123b75f030a17a60f68ffa0N.exe
2028	67a1ef932123b75f030a17a60f68ffa0N.exe
944	67a1ef932123b75f030a17a60f68ffa0N.exe
944	67a1ef932123b75f030a17a60f68ffa0N.exe
1816	67a1ef932123b75f030a17a60f68ffa0N.exe
1816	67a1ef932123b75f030a17a60f68ffa0N.exe
2920	67a1ef932123b75f030a17a60f68ffa0N.exe
2920	67a1ef932123b75f030a17a60f68ffa0N.exe
1316	67a1ef932123b75f030a17a60f68ffa0N.exe
1316	67a1ef932123b75f030a17a60f68ffa0N.exe
2528	67a1ef932123b75f030a17a60f68ffa0N.exe
2528	67a1ef932123b75f030a17a60f68ffa0N.exe
1964	67a1ef932123b75f030a17a60f68ffa0N.exe
1964	67a1ef932123b75f030a17a60f68ffa0N.exe
2500	67a1ef932123b75f030a17a60f68ffa0N.exe
2500	67a1ef932123b75f030a17a60f68ffa0N.exe
2068	67a1ef932123b75f030a17a60f68ffa0N.exe
2068	67a1ef932123b75f030a17a60f68ffa0N.exe
1968	67a1ef932123b75f030a17a60f68ffa0N.exe
1968	67a1ef932123b75f030a17a60f68ffa0N.exe
2036	67a1ef932123b75f030a17a60f68ffa0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1780	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	31
PID 1544 wrote to memory of 1780	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	31
PID 1544 wrote to memory of 1780	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	31
PID 1544 wrote to memory of 1780	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	31
PID 1780 wrote to memory of 2920	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	32
PID 1780 wrote to memory of 2920	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	32
PID 1780 wrote to memory of 2920	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	32
PID 1780 wrote to memory of 2920	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	32
PID 1544 wrote to memory of 2196	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	33
PID 1544 wrote to memory of 2196	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	33
PID 1544 wrote to memory of 2196	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	33
PID 1544 wrote to memory of 2196	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	33
PID 2920 wrote to memory of 2028	2920	67a1ef932123b75f030a17a60f68ffa0N.exe	34
PID 2920 wrote to memory of 2028	2920	67a1ef932123b75f030a17a60f68ffa0N.exe	34
PID 2920 wrote to memory of 2028	2920	67a1ef932123b75f030a17a60f68ffa0N.exe	34
PID 2920 wrote to memory of 2028	2920	67a1ef932123b75f030a17a60f68ffa0N.exe	34
PID 2196 wrote to memory of 2068	2196	67a1ef932123b75f030a17a60f68ffa0N.exe	35
PID 2196 wrote to memory of 2068	2196	67a1ef932123b75f030a17a60f68ffa0N.exe	35
PID 2196 wrote to memory of 2068	2196	67a1ef932123b75f030a17a60f68ffa0N.exe	35
PID 2196 wrote to memory of 2068	2196	67a1ef932123b75f030a17a60f68ffa0N.exe	35
PID 1780 wrote to memory of 1316	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	36
PID 1780 wrote to memory of 1316	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	36
PID 1780 wrote to memory of 1316	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	36
PID 1780 wrote to memory of 1316	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	36
PID 1544 wrote to memory of 2736	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	37
PID 1544 wrote to memory of 2736	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	37
PID 1544 wrote to memory of 2736	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	37
PID 1544 wrote to memory of 2736	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	37
PID 2028 wrote to memory of 1832	2028	67a1ef932123b75f030a17a60f68ffa0N.exe	38
PID 2028 wrote to memory of 1832	2028	67a1ef932123b75f030a17a60f68ffa0N.exe	38
PID 2028 wrote to memory of 1832	2028	67a1ef932123b75f030a17a60f68ffa0N.exe	38
PID 2028 wrote to memory of 1832	2028	67a1ef932123b75f030a17a60f68ffa0N.exe	38
PID 2068 wrote to memory of 2132	2068	67a1ef932123b75f030a17a60f68ffa0N.exe	39
PID 2068 wrote to memory of 2132	2068	67a1ef932123b75f030a17a60f68ffa0N.exe	39
PID 2068 wrote to memory of 2132	2068	67a1ef932123b75f030a17a60f68ffa0N.exe	39
PID 2068 wrote to memory of 2132	2068	67a1ef932123b75f030a17a60f68ffa0N.exe	39
PID 2920 wrote to memory of 2860	2920	67a1ef932123b75f030a17a60f68ffa0N.exe	40
PID 2920 wrote to memory of 2860	2920	67a1ef932123b75f030a17a60f68ffa0N.exe	40
PID 2920 wrote to memory of 2860	2920	67a1ef932123b75f030a17a60f68ffa0N.exe	40
PID 2920 wrote to memory of 2860	2920	67a1ef932123b75f030a17a60f68ffa0N.exe	40
PID 1316 wrote to memory of 1968	1316	67a1ef932123b75f030a17a60f68ffa0N.exe	41
PID 1316 wrote to memory of 1968	1316	67a1ef932123b75f030a17a60f68ffa0N.exe	41
PID 1316 wrote to memory of 1968	1316	67a1ef932123b75f030a17a60f68ffa0N.exe	41
PID 1316 wrote to memory of 1968	1316	67a1ef932123b75f030a17a60f68ffa0N.exe	41
PID 2196 wrote to memory of 1964	2196	67a1ef932123b75f030a17a60f68ffa0N.exe	42
PID 2196 wrote to memory of 1964	2196	67a1ef932123b75f030a17a60f68ffa0N.exe	42
PID 2196 wrote to memory of 1964	2196	67a1ef932123b75f030a17a60f68ffa0N.exe	42
PID 2196 wrote to memory of 1964	2196	67a1ef932123b75f030a17a60f68ffa0N.exe	42
PID 1780 wrote to memory of 1616	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	43
PID 1780 wrote to memory of 1616	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	43
PID 1780 wrote to memory of 1616	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	43
PID 1780 wrote to memory of 1616	1780	67a1ef932123b75f030a17a60f68ffa0N.exe	43
PID 1544 wrote to memory of 2528	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	44
PID 1544 wrote to memory of 2528	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	44
PID 1544 wrote to memory of 2528	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	44
PID 1544 wrote to memory of 2528	1544	67a1ef932123b75f030a17a60f68ffa0N.exe	44
PID 2736 wrote to memory of 2980	2736	67a1ef932123b75f030a17a60f68ffa0N.exe	45
PID 2736 wrote to memory of 2980	2736	67a1ef932123b75f030a17a60f68ffa0N.exe	45
PID 2736 wrote to memory of 2980	2736	67a1ef932123b75f030a17a60f68ffa0N.exe	45
PID 2736 wrote to memory of 2980	2736	67a1ef932123b75f030a17a60f68ffa0N.exe	45
PID 1832 wrote to memory of 2172	1832	67a1ef932123b75f030a17a60f68ffa0N.exe	46
PID 1832 wrote to memory of 2172	1832	67a1ef932123b75f030a17a60f68ffa0N.exe	46
PID 1832 wrote to memory of 2172	1832	67a1ef932123b75f030a17a60f68ffa0N.exe	46
PID 1832 wrote to memory of 2172	1832	67a1ef932123b75f030a17a60f68ffa0N.exe	46

C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
"C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        9⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        9⤵
        
        PID:18104
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        9⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        9⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        9⤵
        
        PID:22232
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:22256
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:20204
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:22124
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:22100
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:21072
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:19452
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:22160
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:20976
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:22248
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:22224
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:22192
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:22296
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:17932
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:17888
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:22152
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:22116
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:22092
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:22184
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:22132
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:22108
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:20392
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:18088
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:20432
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:20600
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:22216
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:16420
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:22144
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10972
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:17764
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:20624
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:16436
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:10988
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:10656
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:5920
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:9644
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:15684
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        9⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        9⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:20448
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:22240
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:20472
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:18052
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:15300
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:20224
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:21604
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:20212
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:17996
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:22176
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:15944
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:20608
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:16444
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:19408
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:19568
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:22208
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:16088
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:16488
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:14940
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:22200
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:19928
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:7732
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:14104
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        7⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:20464
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:18112
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:21636
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:17756
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:18076
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:21612
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:20456
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:20440
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:16028
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:6540
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:9992
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:17712
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:156
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:376
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:19700
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:13220
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:16480
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:8376
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:17704
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:1772
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:5912
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:9000
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:18096
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
        5⤵
        
        PID:20616
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:19444
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:17952
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:22168
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:6968
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:10636
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:16016
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
      4⤵
      PID:14092
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6120
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:9456
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:14068
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:22304
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  PID:4228
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:7252
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:10540
- - C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
    3⤵
    PID:1664
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  PID:6012
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  PID:8992
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  PID:16004
- C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\67a1ef932123b75f030a17a60f68ffa0N.exe"
  2⤵
  PID:22068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\black porn trambling full movie .mpeg.exe

Filesize
1.3MB

MD5
ae8d52a5b40d5a4b2cd6d332b4560f2c

SHA1
b47445b7e6cc7d1e340c83c2f9dc7eb2034576e8

SHA256
c86a8d9d21094494022d206d636f6a94d8ebd1b11087a360b938e7207765c4dd

SHA512
b16ad84f0de1562796044552979a391a0deadb0e6f545525511ec8ef27095852598415d2ae168204735bb136b69c1b9e6b8a7da85c912c64725e6c52c89c4955

Download Submit
C:\debug.txt

Filesize
183B

MD5
6bee82e5ec9eb2c9e5d5121dc5cf70eb

SHA1
54d79fa86a3777fc4fb614019bce4b7c6b9ec170

SHA256
08bba716233fe5ee2d55473d4dee39a153af0604b340432e7a7e0302f2ba1b11

SHA512
4a4674a41ad422beb428fc350e4175f6c0f3386d0ca93b1881c6b9d8327af58ed416e2e75ae92f9b2925e6f5bcd33b1a115c327718bda98135d0a53dbe1b8b43

Download Submit